PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8775 Edimax CVE debrief

A buffer overflow vulnerability exists in the Edimax BR-6428NS router firmware version 1.10. The flaw resides in the formL2TPSetup function within the /goform/formL2TPSetup endpoint, where improper handling of the L2TPUserName parameter in POST requests allows remote attackers to trigger memory corruption. The vulnerability is remotely exploitable without authentication requirements, with public exploit availability confirmed. The vendor was notified prior to disclosure but did not respond.

Vendor: Edimax
Product: BR-6428NS
CVSS: HIGH 7.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-18
Original CVE updated: 2026-05-18
Advisory published: 2026-05-18
Advisory updated: 2026-05-18

Who should care

Organizations deploying Edimax BR-6428NS routers for residential or small office networks; managed service providers with client deployments of this equipment; security teams responsible for IoT and network infrastructure protection; incident response teams tracking exploitation of published router vulnerabilities.

Technical summary

The Edimax BR-6428NS router firmware version 1.10 contains a buffer overflow in the formL2TPSetup function, which handles POST requests to /goform/formL2TPSetup. The L2TPUserName parameter is not adequately bounds-checked, so a crafted request can overflow a stack or heap buffer. This is a classic buffer overflow (CWE-120) with the broader memory-corruption implications of CWE-119 (improper restriction of operations within the bounds of a memory buffer). The attack requires no user interaction and can be executed remotely with low complexity. Successful exploitation may result in complete compromise of device confidentiality, integrity, and availability.

Defensive priority

HIGH

Recommended defensive actions

  • Block or restrict access to /goform/formL2TPSetup on affected Edimax BR-6428NS devices at the network perimeter
  • Implement network segmentation to isolate affected router management interfaces from untrusted networks
  • Monitor for anomalous POST requests to /goform/formL2TPSetup containing oversized L2TPUserName parameters
  • Apply firmware updates from Edimax when available; consider replacement if vendor patch is not forthcoming
  • Review and disable L2TP functionality if not required for operations
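The monitoring action above can be expressed as a simple inspection rule. The following is an added example written for this debrief, not code from PatchSiren or Edimax. It assumes requests have already been parsed into method, target and body by whatever sits in front of the router (a reverse proxy, WAF or packet-capture tooling), and it assumes a length threshold for L2TPUserName: the advisory does not state the vulnerable buffer size, so the 64-character limit is a constructed tunable, not a value from the page. The sample requests are constructed for the example.

```python
"""Flag POST requests to /goform/formL2TPSetup carrying an oversized
L2TPUserName field. Added example; not PatchSiren's or Edimax's code."""
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/formL2TPSetup"
TARGET_PARAM = "L2TPUserName"
# Assumption: the advisory gives no buffer size, so this threshold is a
# constructed value. Tune it against the usernames your deployment uses.
MAX_USERNAME_LEN = 64


@dataclass(frozen=True)
class HttpRequest:
    src_ip: str
    method: str
    target: str  # request path, optionally with a query string
    body: str    # application/x-www-form-urlencoded body, may be empty


def username_length(req: HttpRequest) -> Optional[int]:
    """Length of the decoded L2TPUserName value, or None if the request does
    not address the L2TP handler or does not carry the parameter."""
    parts = urlsplit(req.target)
    if parts.path != TARGET_PATH:
        return None
    # The handler reads form data from the body; the query string is checked
    # too so a parameter moved there is not missed. Percent-encoding is
    # decoded by parse_qs, so the length matches what the device would see.
    for encoded in (req.body, parts.query):
        values = parse_qs(encoded, keep_blank_values=True).get(TARGET_PARAM)
        if values:
            return max(len(v) for v in values)
    return None


def inspect(req: HttpRequest) -> Optional[Dict]:
    """Return an alert for a suspicious request, otherwise None."""
    if req.method.upper() != "POST":
        return None
    length = username_length(req)
    if length is None or length <= MAX_USERNAME_LEN:
        return None
    return {
        "src_ip": req.src_ip,
        "param": TARGET_PARAM,
        "length": length,
        "rule": "oversized L2TPUserName to /goform/formL2TPSetup",
    }


def scan(requests: List[HttpRequest]) -> List[Dict]:
    """Run the rule over a batch of parsed requests and collect alerts."""
    return [alert for alert in map(inspect, requests) if alert is not None]


# Constructed sample traffic: one benign setup, one oversized plain value,
# one unrelated endpoint, one oversized value hidden behind percent-encoding.
SAMPLE_REQUESTS = [
    HttpRequest("192.0.2.10", "POST", TARGET_PATH,
                "L2TPUserName=alice&L2TPPassword=s3cret"),
    HttpRequest("203.0.113.5", "POST", TARGET_PATH,
                "L2TPUserName=" + "A" * 300 + "&L2TPPassword=x"),
    HttpRequest("192.0.2.10", "POST", "/goform/formWlanSetup", "ssid=home"),
    HttpRequest("203.0.113.7", "POST", TARGET_PATH,
                "L2TPUserName=" + "%41" * 100),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_REQUESTS):
        print(alert)
```

Run as-is, the script reports the two oversized requests (lengths 300 and 100) and ignores the benign and unrelated ones. The rule keys on the decoded length rather than the raw body length so that percent-encoded padding does not slip under the threshold; if the management interface is exposed to any network you do not control, the first action in the list above (blocking the endpoint) remains the stronger control, with this rule as confirmation that the block holds.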

Evidence notes

  • Affected firmware: Edimax BR-6428NS firmware 1.10
  • Affected component: POST request handler for /goform/formL2TPSetup
  • Root cause: insufficient bounds checking on the L2TPUserName parameter leading to buffer overflow (CWE-119/CWE-120)
  • Attack vector: network-based, low complexity, no privileges required
  • Exploit status: published and available
  • Vendor contact: attempted without response
  • CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Official resources

2026-05-18