PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8777 Edimax CVE debrief

A command injection vulnerability exists in the Edimax BR-6428NS router firmware version 1.10. The vulnerability is located in the formStaDrvSetup function within the /goform/formStaDrvSetup endpoint, where the stadrv_ssid parameter in POST requests is not properly sanitized before being passed to system commands. This allows remote attackers with low privileges to inject arbitrary commands. The vulnerability was disclosed publicly on May 18, 2026 after the vendor was contacted but did not respond. Public exploit availability increases risk, though the CVSS 4.0 score of 2.1 reflects LOW severity due to required privileges and limited impact scope. The affected device is an older consumer-grade wireless router that may remain deployed in small office/home office environments.

Vendor: Edimax
Product: BR-6428NS
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-18
Original CVE updated: 2026-05-18
Advisory published: 2026-05-18
Advisory updated: 2026-05-18

Who should care

Network administrators managing Edimax BR-6428NS deployments, SOHO environment operators, and security teams responsible for legacy network infrastructure inventory and risk assessment.

Technical summary

The Edimax BR-6428NS firmware 1.10 contains a command injection vulnerability in the formStaDrvSetup function. The POST parameter stadrv_ssid is passed unsanitized to system shell execution, enabling authenticated remote attackers to execute arbitrary commands. The vulnerability is remotely exploitable with low privileges required. No patch is available due to vendor non-response.

Defensive priority

low

Recommended defensive actions

  • Review network inventory for Edimax BR-6428NS devices running firmware version 1.10
  • Segment or restrict network access to administrative interfaces on affected devices
  • Monitor for suspicious POST requests to /goform/formStaDrvSetup that contain shell metacharacters in the stadrv_ssid parameter
  • Consider replacing end-of-life router hardware with actively supported alternatives
  • Apply principle of least privilege to administrative access on network infrastructure
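
One way to implement the monitoring action above, as an added example rather than code from the advisory or the vendor: a check that flags POST requests to /goform/formStaDrvSetup whose stadrv_ssid value contains shell metacharacters, including percent-encoded and double-encoded forms. It assumes a proxy or IDS that records request bodies; the record layout, the function names, the other_field and /goform/otherForm names, and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "/goform/formStaDrvSetup"   # endpoint named in the advisory
PARAM = "stadrv_ssid"                  # parameter named in the advisory
# Characters a POSIX shell treats as separators, substitution, redirection
# or quoting; newline and carriage return are included as command separators.
SHELL_META = re.compile(r"[;&|`$<>(){}\\'\"\n\r]")

def suspicious_values(method, target, body):
    """Return decoded stadrv_ssid values that contain shell metacharacters."""
    if method.upper() != "POST":
        return []
    # Ignore any query string and a trailing slash when matching the path.
    if urlsplit(target).path.rstrip("/") != ENDPOINT:
        return []
    hits = []
    # parse_qs percent-decodes once and turns '+' into a space.
    for value in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        # Decode a second time to catch double encoding (%2560 -> %60 -> `).
        candidates = {value, unquote_plus(value)}
        if any(SHELL_META.search(c) for c in candidates):
            hits.append(value)
    return hits

def scan(records):
    """records: iterable of (source_ip, method, target, body) tuples."""
    return [(ip, v) for ip, m, t, b in records
            for v in suspicious_values(m, t, b)]

# Constructed sample records, not captured traffic (RFC 5737 addresses).
SAMPLE = [
    ("192.0.2.10", "POST", "/goform/formStaDrvSetup", "stadrv_ssid=HomeNet-5G&other_field=1"),
    ("192.0.2.23", "POST", "/goform/formStaDrvSetup", "stadrv_ssid=guest%3Becho+test"),
    ("192.0.2.23", "POST", "/goform/formStaDrvSetup/", "stadrv_ssid=guest%2560echo%2560"),
    ("192.0.2.40", "GET", "/goform/formStaDrvSetup", ""),
    ("192.0.2.41", "POST", "/goform/otherForm", "stadrv_ssid=a%3Bb"),
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE):
        print(f"ALERT {ip} {PARAM}={value!r}")
```

A legitimate SSID can contain some of these characters (an apostrophe, for example), so treat hits as triage input and correlate them with the source address and the timing of configuration changes.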

Evidence notes

Vulnerability confirmed through VulDB submission and Notion-hosted technical documentation. CVSS 4.0 vector indicates network attack vector with low attack complexity, low privileges required, and no user interaction needed. CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Improper Neutralization of Special Elements used in a Command) are identified as root causes.

Official resources

Public disclosure occurred on May 18, 2026, after vendor non-response to early contact attempts.