PatchSiren cyber security CVE debrief
CVE-2026-9362 Edimax CVE debrief
A command injection vulnerability exists in Edimax EW-7438RPn firmware version 1.12, specifically within the `formConnectionSetting` function of the `/goform/formConnectionSetting` endpoint. The vulnerability stems from improper sanitization of the `max_Conn` and `timeOut` parameters, allowing remote attackers to inject arbitrary commands. The CVSS 4.0 vector indicates network attack vector with low attack complexity, low privileges required, and no user interaction needed, with partial impacts to confidentiality, integrity, and availability. The exploit has been publicly disclosed, and the vendor was reportedly contacted without response. The vulnerability is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Improper Neutralization of Special Elements used in a Command).
- Vendor
- Edimax
- Product
- EW-7438RPn
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-24
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-05-24
- Advisory updated
- 2026-05-26
Who should care
Network administrators managing Edimax EW-7438RPn wireless range extenders, SOHO network operators, IoT security teams, and organizations with these devices deployed in guest or isolated network segments.
Technical summary
The vulnerability resides in the Setting Handler component's formConnectionSetting function, accessible via the /goform/formConnectionSetting endpoint. The max_Conn and timeOut parameters are passed to underlying system commands without adequate input validation or sanitization, enabling command injection. Attackers with low-privileged network access can exploit this remotely to execute arbitrary commands on the device.
Defensive priority
medium
Recommended defensive actions
- Restrict network access to the router's administrative interface to trusted management networks only
- Implement network segmentation to isolate affected devices from critical infrastructure
- Monitor for anomalous HTTP POST requests to /goform/formConnectionSetting containing shell metacharacters
- Apply firmware updates from Edimax if and when released, or consider replacement of end-of-life devices
- Review and disable remote administration features if not strictly required
Evidence notes
Primary evidence sourced from NVD modified feed with VulDB as CNA. Notion-hosted disclosure document and VulDB entries provide technical details. CPE criteria not populated in source data.
Official resources
Public disclosure occurred on 2026-05-24 with exploit availability confirmed. Vendor non-response increases exposure risk despite low CVSS severity.