PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9399 Edimax CVE debrief

A buffer overflow vulnerability exists in the Edimax BR-6675nD router firmware version 1.12. The flaw resides in the formsetPPPoE function within the /goform/formsetPPPoE endpoint, where improper handling of the pppUserName parameter in POST requests allows remote attackers to trigger memory corruption. The vulnerability is remotely exploitable without authentication requirements, with public exploit availability confirmed per source documentation. The vendor was notified prior to disclosure but did not respond.

Vendor
Edimax
Product
BR-6675nD
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-24
Original CVE updated
2026-05-26
Advisory published
2026-05-24
Advisory updated
2026-05-26

Who should care

Network administrators managing Edimax BR-6675nD deployments, SOHO network operators, telecommunications providers using Edimax CPE equipment, and security teams responsible for router infrastructure protection.

Technical summary

The formsetPPPoE function in Edimax BR-6675nD firmware 1.12 fails to properly validate the length of the pppUserName parameter in POST requests to /goform/formsetPPPoE. This buffer overflow condition enables remote attackers to corrupt memory and potentially execute arbitrary code. The attack requires no authentication and can be initiated from any network position with reachability to the device's web interface.

Defensive priority

HIGH

Recommended defensive actions

  • Block or restrict access to /goform/formsetPPPoE endpoint at network perimeter
  • Implement network segmentation to isolate affected Edimax BR-6675nD devices from untrusted networks
  • Monitor for anomalous POST requests to /goform/formsetPPPoE with oversized pppUserName parameters
  • Consider firmware downgrade or device replacement pending vendor patch availability
  • Deploy intrusion detection signatures for buffer overflow patterns in HTTP form submissions to router administration interfaces

Evidence notes

Vulnerability confirmed through VulDB submission and analysis. CVSS 4.0 vector indicates network attack vector with low complexity, no privileges required, and high impact to confidentiality, integrity, and availability. CWE-119 and CWE-120 (buffer overflow conditions) identified as root cause categories.

Official resources

Public disclosure occurred 2026-05-24 with exploit availability confirmed. Vendor non-response to pre-disclosure contact increases urgency for defensive action.