PatchSiren cyber security CVE debrief
CVE-2026-10165 Edimax CVE debrief
A stack-based buffer overflow vulnerability exists in the Edimax BR-6478AC router firmware version 1.23. The vulnerability is located in the formWanTcpipSetup function within the /goform/formWanTcpipSetup endpoint, which handles POST requests. The pppUserName parameter is not properly validated, allowing an attacker to send an oversized value that overflows a stack-allocated buffer. The attack vector is network-based, requires low attack complexity, and can be exploited remotely with low privileges required and no user interaction. The CVSS 4.0 vector indicates high impacts to confidentiality, integrity, and availability of the vulnerable component. The exploit has been publicly disclosed and is available, increasing the likelihood of active exploitation. The vendor attribution is derived from a Notion-hosted reference with low confidence and requires review. No CPE criteria were available in the source data to confirm exact affected product configurations.
- Vendor: Edimax
- Product: BR-6478AC
- CVSS: HIGH 7.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-31
- Original CVE updated: 2026-05-31
- Advisory published: 2026-05-31
- Advisory updated: 2026-05-31
Who should care
Network administrators managing Edimax BR-6478AC deployments, security operations centers monitoring edge router exploitation, and organizations relying on consumer-grade routing equipment for WAN connectivity.
Technical summary
The vulnerable endpoint /goform/formWanTcpipSetup in Edimax BR-6478AC firmware 1.23 fails to bounds-check the pppUserName parameter during WAN TCP/IP configuration processing. An authenticated or low-privileged remote attacker can submit a crafted POST request with an oversized pppUserName value, causing a stack-based buffer overflow. Successful exploitation may result in arbitrary code execution with the privileges of the web server process, or denial of service through process crash. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow) and CWE-119, with a CVSS 4.0 score of 7.4 (HIGH). The exploit is publicly available, elevating the urgency for defensive response.
Defensive priority
HIGH
Recommended defensive actions
- Apply firmware updates from Edimax if and when available for the BR-6478AC model
- Restrict network access to the router's administrative interface to trusted management networks only
- Implement network segmentation to isolate affected routers from critical infrastructure
- Monitor for anomalous POST requests to /goform/formWanTcpipSetup containing unusually long pppUserName values
- Consider replacing end-of-life devices if vendor patches are not forthcoming
- Review and validate vendor attribution independently given the low-confidence source classification
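One way to implement the monitoring action above, as an added example that is not part of the advisory or any vendor tooling. It assumes decoded HTTP request bodies are available (for example from a reverse proxy or inspection point in front of the management interface); the 64-byte threshold, the `field` placeholder parameter and the sample requests are assumptions constructed for illustration, since the advisory does not state the buffer size.

```python
from urllib.parse import parse_qs

ENDPOINT = "/goform/formWanTcpipSetup"  # endpoint named in the advisory
PARAM = "pppUserName"                   # parameter named in the advisory
MAX_LEN = 64  # ASSUMED alert threshold; the advisory does not give the buffer size


def inspect_request(method, path, body, max_len=MAX_LEN):
    """Return a finding dict for a suspicious request, else None."""
    if method.upper() != "POST":
        return None
    # Drop the query string and trailing slash so path variants still match.
    if path.split("?", 1)[0].rstrip("/") != ENDPOINT:
        return None
    # parse_qs percent-decodes values; latin-1 maps each decoded byte to one
    # character, so len() is the byte count the handler would copy.
    fields = parse_qs(body, keep_blank_values=True, encoding="latin-1")
    values = fields.get(PARAM, [])
    longest = max((len(v) for v in values), default=0)
    # A repeated parameter is also reported: parsers disagree on which copy wins.
    if longest > max_len or len(values) > 1:
        return {"path": path, "length": longest, "occurrences": len(values)}
    return None


def scan(requests, max_len=MAX_LEN):
    """Run inspect_request over (method, path, body) tuples; return the findings."""
    findings = (inspect_request(m, p, b, max_len) for m, p, b in requests)
    return [f for f in findings if f is not None]


# Constructed sample traffic (not captured from a real device); "field" is a
# placeholder for the form's other parameters.
SAMPLE = [
    ("POST", ENDPOINT, "field=1&pppUserName=user%40isp.example"),
    ("POST", ENDPOINT, "field=1&pppUserName=" + "%61" * 100),
    ("GET", "/index.asp", ""),
    ("POST", ENDPOINT + "?x=1", "pppUserName=a&pppUserName=b"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Tune `MAX_LEN` to the longest PPPoE username legitimately in use on the network, so that normal configuration changes do not alert.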
Evidence notes
The vulnerability description is sourced from NVD with VulDB as the CNA. The weakness enumerations are CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). The CVSS 4.0 score of 7.4 (HIGH) reflects network attack vector, low complexity, low privileges required, no user interaction, and high impacts. The exploit availability flag (E:P) indicates a public exploit exists. Vendor identification is marked as low confidence based on reference domain candidate analysis pointing to Notion as the hosting domain, with 'Unknown Vendor' as the current assignment. No KEV listing or known ransomware campaign use is associated with this CVE.
Official resources
2026-05-31T04:16:19.510Z