PatchSiren cyber security CVE debrief
CVE-2026-9343 Edimax CVE debrief
A command injection vulnerability exists in Edimax EW-7438RPn wireless range extenders running firmware up to and including version 1.31. The flaw is in the formWpsStart function behind the /goform/formWpsStart endpoint of the device's embedded web server (webs). The pinCode parameter reaches a shell without sanitization, so an authenticated attacker can inject arbitrary operating system commands and have them executed on the device. The CVSS 4.0 base score is 2.1 (LOW) with the vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L: reachable over the network, low attack complexity, no special preconditions, low privileges required (the attacker needs a valid login to the web interface), no user interaction, and low confidentiality, integrity and availability impact on the vulnerable system. The stored vector omits the subsequent-system metrics (SC/SI/SA). An exploit has been published, and the vendor was reportedly contacted but did not respond. The CVE was published on 2026-05-23 and last modified on 2026-05-26.
- Vendor
- Edimax
- Product
- EW-7438RPn
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-23
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-05-23
- Advisory updated
- 2026-05-26
Who should care
Organizations that run Edimax EW-7438RPn range extenders in enterprise, branch or home-office networks; network administrators responsible for IoT and edge device security; security teams that monitor for command injection against edge network devices
Technical summary
The Edimax EW-7438RPn wireless range extender contains an OS command injection vulnerability in its WPS configuration handler. The formWpsStart function in /goform/formWpsStart does not validate the pinCode parameter before passing it to shell execution functions, even though a legitimate WPS PIN is purely numeric and a strict allowlist would have rejected any injected command. An attacker who can reach the web interface over the network and holds low-privilege credentials for it can inject arbitrary commands through this parameter. The vulnerability affects firmware versions up to and including 1.31. The functionality is exposed by the device's 'webs' HTTP server component without adequate input sanitization.
Defensive priority
medium
Recommended defensive actions
- Place affected Edimax EW-7438RPn devices on an isolated management or IoT segment with no path to critical infrastructure
- Restrict access to the device's web management interface to trusted administrative hosts and never expose it to the WAN; since exploitation requires a valid login, replace any default or shared administrator password as well
- Monitor for requests to /goform/formWpsStart whose pinCode value is anything other than a numeric WPS PIN; shell metacharacters such as ; | & ` or $( in that parameter are the tell
- Consider taking devices on firmware 1.31 or earlier out of service, or replacing them, until fixed firmware is released; no fix was available at publication and the vendor has not responded
- Review device and network logs for indicators of unauthorized command execution, such as unexpected outbound connections, new processes or configuration changes that no administrator made
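Detection logic for the monitoring action above, together with the allowlist check the handler should have applied to pinCode, as an added example written for this debrief. It is not Edimax firmware code and not the VulDB proof of concept. The endpoint path and parameter name are the ones the advisory gives; the log line format, the sample lines, the shell metacharacter set and the assumption that a correct fix is a strict WPS PIN allowlist (four digits, or eight digits whose last digit is the standard WPS checksum) are this example's own, and whether the Edimax handler checks the checksum is not stated on the page:

```python
"""Spot pinCode abuse against /goform/formWpsStart in web-server logs.

Added example for this debrief; not Edimax or VulDB code.  The endpoint and
parameter names come from the advisory; the log format, the sample lines and
the assumption that the sink is a shell-backed call are constructed here.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

WPS_ENDPOINT = "/goform/formWpsStart"

# Characters that only matter to a shell. A WPS PIN is digits only, so any of
# these in pinCode is a strong injection signal whatever the exact sink is.
SHELL_META = re.compile(r"[;&|`$(){}<>\\'\"\n\r]")


def wps_pin_checksum(pin7: int) -> int:
    """Checksum digit for a 7-digit WPS PIN (Wi-Fi Simple Configuration rule:
    3x the odd-position digits plus the even-position digits, mod 10)."""
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)
        pin7 //= 10
        accum += pin7 % 10
        pin7 //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """The allowlist the handler should enforce before the value goes anywhere
    near a shell: 4 digits, or 8 digits whose last digit is the checksum.
    Assumption: the Edimax firmware's own rules are not on the page."""
    if not pin.isdigit():
        return False
    if len(pin) == 4:
        return True
    if len(pin) == 8:
        return wps_pin_checksum(int(pin[:7])) == int(pin[7])
    return False


def classify_request(target: str, body: str = "") -> Optional[str]:
    """Return None for requests that do not touch the WPS endpoint, otherwise
    'injection', 'malformed', 'no_pin' or 'ok' for the pinCode value(s)."""
    url = urlsplit(target)
    if url.path != WPS_ENDPOINT:
        return None
    # parse_qs percent-decodes, so %3B becomes ';' before we inspect it.
    params = parse_qs(url.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    pins = params.get("pinCode")
    if not pins:
        return "no_pin"
    verdict = "ok"
    for pin in pins:
        if SHELL_META.search(pin):
            return "injection"
        if not is_valid_wps_pin(pin):
            verdict = "malformed"
    return verdict


def scan_log(lines) -> List[Tuple[str, str, str]]:
    """Parse lines of the constructed form 'TIME CLIENT METHOD TARGET [BODY]'
    and return (time, client, verdict) for every request to the endpoint."""
    hits = []
    for line in lines:
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue
        ts, client, _method, target = parts[:4]
        body = parts[4] if len(parts) == 5 else ""
        verdict = classify_request(target, body)
        if verdict is not None:
            hits.append((ts, client, verdict))
    return hits


# Constructed sample log: a normal WPS start with the well-known test PIN
# 12345670, a bad-checksum PIN, two metacharacter payloads, one with no PIN.
SAMPLE_LOG = """\
2026-05-24T10:00:01Z 192.168.2.15 POST /goform/formWpsStart pinCode=12345670&wpsMode=1
2026-05-24T10:00:07Z 192.168.2.15 GET /index.asp
2026-05-24T10:02:13Z 192.168.2.40 POST /goform/formWpsStart pinCode=12345678&wpsMode=1
2026-05-24T10:03:41Z 10.9.8.7 POST /goform/formWpsStart pinCode=12345670%3Bid&wpsMode=1
2026-05-24T10:03:59Z 10.9.8.7 GET /goform/formWpsStart?pinCode=%60id%60
2026-05-24T10:04:10Z 192.168.2.15 POST /goform/formWpsStart wpsMode=1
""".splitlines()

if __name__ == "__main__":
    for ts, client, verdict in scan_log(SAMPLE_LOG):
        if verdict != "ok":
            print(f"{ts} {client} {verdict}")
```

Alert on "injection" immediately and review "malformed": a legitimate WPS client never sends an eight-digit PIN with a bad checksum, so that verdict usually means probing. Because the vector is PR:L, a matching request normally arrives inside a valid session, so a hit is evidence of a compromised or shared credential as well as of the attack itself.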
Evidence notes
Vulnerability identified in Edimax EW-7438RPn firmware ≤1.31 via the formWpsStart function in /goform/formWpsStart. CWE-77 (Command Injection) and CWE-78 (OS Command Injection) assigned. CVSS 4.0 score 2.1 (LOW). Exploit publicly available per the VulDB disclosure.
Official resources
No vendor advisory or fixed firmware is recorded; the only stored reference is the public VulDB disclosure, which includes the exploit. The vendor did not respond when contacted.