PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8776 Edimax CVE debrief

A buffer overflow vulnerability exists in the Edimax BR-6428NS router firmware version 1.10. The flaw resides in the `formPPTPSetup` function within the `/goform/formPPTPSetup` endpoint, where improper handling of the `pptpUserName` parameter in POST requests allows remote attackers to trigger memory corruption. The vulnerability carries a HIGH severity CVSS score of 7.4 and can be exploited remotely without authentication. Public exploit disclosure occurred on 2026-05-18, with the vendor reportedly unresponsive to prior disclosure attempts. The weakness stems from classic buffer overflow conditions (CWE-119/CWE-120) in processing user-supplied input without adequate bounds checking.

Vendor
Edimax
Product
BR-6428NS
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-18
Original CVE updated
2026-05-18
Advisory published
2026-05-18
Advisory updated
2026-05-18

Who should care

Organizations deploying Edimax BR-6428NS routers for remote access or VPN termination; network administrators managing SOHO router fleets; security teams tracking unpatched network infrastructure vulnerabilities

Technical summary

The Edimax BR-6428NS firmware 1.10 contains a buffer overflow in the PPTP setup handler. Remote attackers can send crafted POST requests to `/goform/formPPTPSetup` with an oversized `pptpUserName` parameter to corrupt memory and potentially execute arbitrary code. The attack requires no authentication and has low complexity.

Defensive priority

HIGH

Recommended defensive actions

  • Block or restrict access to `/goform/formPPTPSetup` endpoint at network perimeter until patch availability confirmed
  • Implement network segmentation to isolate affected Edimax BR-6428NS devices from untrusted networks
  • Monitor for anomalous POST requests to `/goform/formPPTPSetup` containing oversized `pptpUserName` parameters
  • Contact Edimax support directly to request security patch timeline for firmware version 1.10
  • Consider replacing affected devices if vendor patch commitment cannot be obtained
  • Review and strengthen input validation on all router administrative endpoints

Evidence notes

Vulnerability confirmed via VulDB submission and Notion-hosted technical documentation. CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, and high impact to confidentiality, integrity, and availability.

Official resources

Public exploit disclosed 2026-05-18; vendor unresponsive to prior disclosure