PatchSiren

CVE-2026-9381 Edimax CVE debrief

A buffer overflow vulnerability exists in the Edimax BR-6675nD router firmware version 1.12. The vulnerability is located in the `formPPPoESetup` function within the `/goform/formPPPoESetup` file, which handles POST requests. An attacker can trigger the overflow by manipulating the `pppUserName` parameter. The attack vector is network-based, with low attack complexity; it requires low privileges and no user interaction. The CVSS 4.0 vector indicates high impacts to confidentiality, integrity, and availability of the vulnerable component. The exploit has been publicly disclosed, and the vendor was reportedly contacted but did not respond. The vulnerability status in NVD is currently 'Deferred'.

Vendor: Edimax
Product: BR-6675nD
CVSS: HIGH 7.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-24
Original CVE updated: 2026-05-26
Advisory published: 2026-05-24
Advisory updated: 2026-05-26

Who should care

Organizations deploying Edimax BR-6675nD routers for broadband connectivity, particularly those exposing administrative interfaces to any network segment. Security teams responsible for edge network infrastructure and SOHO device management should prioritize assessment.

Technical summary

The vulnerability is a classic buffer overflow in a web-based administration interface. The `formPPPoESetup` handler in `/goform/formPPPoESetup` fails to properly validate the length of the `pppUserName` parameter before processing it, allowing an attacker to overflow a stack or heap buffer. This is a POST-based attack that can be carried out remotely once low-privilege authentication is obtained. The high CVSS scores reflect the potential for complete compromise of the device. Public exploit availability and vendor silence create a heightened threat environment for affected deployments.

Defensive priority

HIGH

Recommended defensive actions

  • Block or restrict access to the /goform/formPPPoESetup endpoint at network boundaries if the Edimax BR-6675nD is deployed
  • Apply network segmentation to isolate affected routers from untrusted networks
  • Monitor for anomalous POST requests to /goform/formPPPoESetup with oversized pppUserName parameters
  • Consider replacing or discontinuing use of Edimax BR-6675nD firmware version 1.12 given vendor non-response
  • Review logs for signs of exploitation attempts targeting PPPoE configuration endpoints
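
One way to implement the monitoring recommended above, as an added example that is not part of the original advisory: a Python check for raw HTTP requests captured at a reverse proxy or sensor in front of the router. The 64-byte threshold, the sample requests and the `/goform/other` path are assumptions constructed for illustration; the advisory does not state the firmware's buffer size.

```python
from urllib.parse import unquote_to_bytes

ENDPOINT = "/goform/formPPPoESetup"  # handler path named in the advisory
PARAM = b"pppUserName"               # parameter named in the advisory
MAX_LEN = 64  # assumption: local alerting threshold, not the firmware's real buffer size


def form_values(body: bytes, name: bytes) -> list:
    """Return every percent-decoded value of `name` in a urlencoded body."""
    values = []
    for pair in body.split(b"&"):
        key, _, val = pair.partition(b"=")
        if unquote_to_bytes(key.replace(b"+", b" ")) == name:
            values.append(unquote_to_bytes(val.replace(b"+", b" ")))
    return values


def inspect_request(raw: bytes) -> list:
    """Return alert reasons for one raw HTTP request, or [] if nothing stands out."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3 or parts[0].upper() != "POST":
        return []
    if parts[1].split("?", 1)[0] != ENDPOINT:
        return []
    values = form_values(body, PARAM)
    reasons = ["parameter repeated"] if len(values) > 1 else []
    for v in values:
        if len(v) > MAX_LEN:  # measured after decoding, so %41 counts as one byte
            reasons.append(f"length {len(v)} exceeds {MAX_LEN}")
        if any(b < 0x20 or b > 0x7E for b in v):
            reasons.append("non-printable bytes")
    return reasons


def sample_request(path: str, body: bytes) -> bytes:
    # Constructed sample traffic; 192.0.2.1 is a documentation address.
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body


BENIGN = sample_request(ENDPOINT, b"pppUserName=user%40isp.example")
OVERSIZED = sample_request(ENDPOINT, b"pppUserName=" + b"A" * 300)
OTHER = sample_request("/goform/other", b"pppUserName=" + b"A" * 300)  # hypothetical path

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("oversized", OVERSIZED), ("other", OTHER)]:
        print(label, inspect_request(req))
```

Tune `MAX_LEN` to the longest PPPoE username actually in use on the network so that legitimate configuration changes do not alert.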

Evidence notes

Vulnerability data sourced from NVD with CNA attribution to VulDB. Primary reference points to a Notion-hosted disclosure document. CVSS 4.0 scoring applied. Weakness classifications include CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).

Official resources

Public disclosure occurred on 2026-05-24 with exploit availability confirmed. Vendor non-response to early disclosure attempts increases urgency for defensive action.