PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9347 Edimax CVE debrief

A command injection vulnerability exists in the Edimax EW-7438RPn wireless range extender, affecting firmware versions up to 1.31. The vulnerability resides in the `formWizSurvey` function behind the `/goform/formWizSurvey` endpoint of the device's web server (`webs`). The `ip`, `mask`, and `gateway` parameters are not properly sanitized, allowing an authenticated attacker to inject arbitrary operating system commands. The attack vector is network-based and requires low privileges (authenticated access). The vulnerability was disclosed publicly on 2026-05-24 after the vendor was contacted but did not respond. The CVSS 4.0 score of 2.1 reflects limited impact on confidentiality, integrity, and availability given the authentication requirement, though the public availability of exploit details increases practical risk. The CVE record status is currently 'Deferred' in the NVD, indicating the entry may be under review or awaiting additional information.

Vendor
Edimax
Product
EW-7438RPn
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-24
Original CVE updated
2026-05-26
Advisory published
2026-05-24
Advisory updated
2026-05-26

Who should care

  • Organizations deploying Edimax EW-7438RPn range extenders in production environments
  • Network administrators managing SOHO or remote office infrastructure
  • Security teams responsible for IoT device security posture
  • Incident responders tracking exploitation of disclosed but unpatched embedded device vulnerabilities

Technical summary

The Edimax EW-7438RPn firmware through version 1.31 contains an OS command injection vulnerability in the `formWizSurvey` function of the `/goform/formWizSurvey` web endpoint. The `ip`, `mask`, and `gateway` parameters accept unsanitized input that is passed to shell execution contexts. An attacker with authenticated access can submit crafted parameter values containing shell metacharacters to execute arbitrary commands on the underlying Linux-based operating system. The vulnerability is remotely exploitable over HTTP/HTTPS. The device's `webs` server component handles the request without adequate input validation or escaping of the values before they reach the shell, representing a classic injection weakness per CWE-78.

Defensive priority

Medium

Recommended defensive actions

  • Restrict network access to Edimax EW-7438RPn administrative interfaces to trusted management networks only
  • Implement network segmentation to isolate affected range extenders from critical infrastructure
  • Monitor for unauthorized access attempts to `/goform/formWizSurvey` endpoint
  • Apply firmware updates from Edimax if and when available; consider replacement if vendor support is discontinued
  • Review device configurations for unauthorized changes that may indicate exploitation
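The monitoring and network-restriction actions above can be turned into a concrete check. The following is an added example written for this debrief, not code from Edimax or from the advisory sources: it scans a constructed JSON-lines feed of HTTP requests (the kind a reverse proxy, WAF or IDS in front of the extender could emit; the field names `ts`, `src`, `method`, `path`, `body` and the `10.10.0.0/24` management network are assumptions) and flags two conditions tied to this CVE. First, any request to `/goform/formWizSurvey` whose `ip`, `mask` or `gateway` value is not a plain dotted-quad IPv4 address, which is the allowlist shape those parameters should always have and therefore the same check a fix would apply before any shell use. Second, any request to that endpoint from outside the trusted management network. The body is URL-decoded before inspection so percent-encoded metacharacters are not missed.

```python
import ipaddress
import json
from urllib.parse import parse_qs

# Endpoint and parameters named in the advisory.
WATCHED_PATH = "/goform/formWizSurvey"
WATCHED_PARAMS = ("ip", "mask", "gateway")

# Assumption: administrative access is only expected from this management network.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]


def is_plain_ipv4(value):
    """Allowlist check: ip/mask/gateway are legitimate only as a dotted-quad IPv4.

    ipaddress.IPv4Address rejects anything else, including shell metacharacters,
    whitespace and trailing garbage, so this also models the validation a
    firmware fix would need before such a value is ever passed to a shell.
    """
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def analyse_record(rec):
    """Return detection findings for one request record (a dict)."""
    findings = []
    if rec.get("path") != WATCHED_PATH:
        return findings

    # Finding 1: admin endpoint reached from outside the trusted management network.
    src = ipaddress.ip_address(rec["src"])
    if not any(src in net for net in TRUSTED_ADMIN_NETS):
        findings.append("admin_endpoint_from_untrusted_source")

    # Finding 2: watched parameter does not look like an IPv4 address.
    # parse_qs URL-decodes values, so "%3B" is inspected as ";".
    params = parse_qs(rec.get("body", ""), keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for raw in params.get(name, []):
            if not is_plain_ipv4(raw):
                findings.append(f"malformed_{name}")
    return findings


def scan(lines):
    """Scan JSON-lines request records; return (index, src, findings) for hits."""
    hits = []
    for i, line in enumerate(lines):
        findings = analyse_record(json.loads(line))
        if findings:
            hits.append((i, json.loads(line)["src"], findings))
    return hits


# Constructed sample feed: one legitimate wizard submission, one with a
# percent-encoded metacharacter in `ip`, one well-formed submission from an
# untrusted source, and one unrelated request.
SAMPLE_LOG = [
    '{"ts":"2026-05-25T08:00:01Z","src":"10.10.0.5","method":"POST",'
    '"path":"/goform/formWizSurvey",'
    '"body":"ip=192.168.2.10&mask=255.255.255.0&gateway=192.168.2.1"}',
    '{"ts":"2026-05-25T08:00:07Z","src":"10.10.0.5","method":"POST",'
    '"path":"/goform/formWizSurvey",'
    '"body":"ip=192.168.2.10%3BTEST&mask=255.255.255.0&gateway=192.168.2.1"}',
    '{"ts":"2026-05-25T08:00:09Z","src":"203.0.113.7","method":"POST",'
    '"path":"/goform/formWizSurvey",'
    '"body":"ip=192.168.2.10&mask=255.255.255.0&gateway=192.168.2.1"}',
    '{"ts":"2026-05-25T08:00:12Z","src":"203.0.113.7","method":"GET",'
    '"path":"/index.asp","body":""}',
]

if __name__ == "__main__":
    for index, src, findings in scan(SAMPLE_LOG):
        print(f"record {index} from {src}: {', '.join(findings)}")
```

The allowlist approach is deliberate: matching a denylist of shell metacharacters would miss encodings and variants, whereas "must parse as an IPv4 address" leaves no room for anything else in these three parameters. The untrusted-source finding fires even when the parameters are well-formed, because any administrative traffic from outside the management network is itself a configuration gap under the first recommended action.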

Evidence notes

Vulnerability details sourced from VulDB CNA submission and NVD record. Vendor non-response documented in CVE description. CVSS 4.0 vector indicates network attack vector with low privileges required. CWE-77 and CWE-78 (command injection weaknesses) assigned by CNA. Exploit disclosure confirmed via GitHub reference.

Official resources

2026-05-24