PatchSiren cyber security CVE debrief
CVE-2026-9424 Edimax CVE debrief
A command injection vulnerability exists in the Edimax EW-7438RPn wireless range extender firmware version 1.31. The vulnerability resides in the formWlanMP function within the /goform/formWlanMP endpoint, where multiple parameters (ateFunc, ateGain, ateTxCount, ateChan, ateRate, ateMacID, e2pTxPower1 through e2pTxPower7, e2pTx2Power1 through e2pTx2Power7, ateTxFreqOffset, ateMode, ateBW, ateAntenna, e2pTxFreqOffset, e2pTxPwDeltaB, e2pTxPwDeltaG, e2pTxPwDeltaMix, e2pTxPwDeltaN, and readE2P) are insufficiently sanitized before being passed to system shell commands. An authenticated attacker with network access can inject arbitrary operating system commands through these parameters. The vulnerability has been publicly disclosed with proof-of-concept material available, and the vendor was notified but did not respond. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, and low impacts across confidentiality, integrity, and availability dimensions.
- Vendor: Edimax
- Product: EW-7438RPn
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-25
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-25
- Advisory updated: 2026-05-26
Who should care
Organizations deploying Edimax EW-7438RPn range extenders in production environments, particularly those with exposed management interfaces or those in regulated industries that require controls over command execution on network devices. Security teams responsible for IoT and network infrastructure asset management should prioritize inventory and risk assessment.
Technical summary
The Edimax EW-7438RPn firmware 1.31 contains a command injection vulnerability in its wireless configuration handler. The formWlanMP function processes numerous ATE (Advanced Test Equipment) and EEPROM-related parameters without adequate sanitization, allowing authenticated remote attackers to execute arbitrary shell commands. The attack surface is exposed through the device's web management interface. Multiple parameters related to transmit power calibration, frequency offset, and EEPROM operations are affected. The vulnerability is exploitable remotely and proof-of-concept code has been published.
Defensive priority
medium
Recommended defensive actions
- Restrict network access to administrative interfaces of Edimax EW-7438RPn devices
- Implement network segmentation to isolate affected range extenders from critical infrastructure
- Monitor for suspicious requests to /goform/formWlanMP containing shell metacharacters
- Consider discontinuing use of firmware version 1.31 pending vendor patch availability
- Review logs for unauthorized configuration changes or unexpected system behavior
- Apply input validation and parameterized command execution if custom firmware modifications are deployed
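The monitoring action above (watch for requests to /goform/formWlanMP carrying shell metacharacters in the affected parameters) and the validation action (reject such values before they ever reach a shell) both reduce to the same check. The following script is an added example, not code from the advisory or from Edimax: it scans constructed access-log lines in Common Log Format for requests to the affected endpoint and flags any advisory-listed parameter whose decoded value contains a shell metacharacter. The log format, the metacharacter set and the sample values are assumptions; the endpoint path and parameter names are the ones the advisory lists.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint and parameter names taken from the advisory text.
TARGET_PATH = "/goform/formWlanMP"
AFFECTED_PARAMS = {
    "ateFunc", "ateGain", "ateTxCount", "ateChan", "ateRate", "ateMacID",
    *(f"e2pTxPower{i}" for i in range(1, 8)),
    *(f"e2pTx2Power{i}" for i in range(1, 8)),
    "ateTxFreqOffset", "ateMode", "ateBW", "ateAntenna", "e2pTxFreqOffset",
    "e2pTxPwDeltaB", "e2pTxPwDeltaG", "e2pTxPwDeltaMix", "e2pTxPwDeltaN",
    "readE2P",
}

# Characters that can terminate or chain a shell command. Assumed list;
# extend it to match the shell on the device you are defending.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r]")

# Common Log Format (assumed): ip ident user [ts] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines; the second one carries "%3B" (";") in ateChan.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/May/2026:10:00:01 +0000] "POST /goform/formWlanMP?ateChan=6&ateRate=54 HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/May/2026:10:00:02 +0000] "POST /goform/formWlanMP?ateChan=6%3Bid&ateMacID=00:11:22:33:44:55 HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/May/2026:10:00:03 +0000] "GET /goform/formOther?name=a%3Bb HTTP/1.1" 200 128',
]


def suspicious_params(query):
    """Return {name: decoded value} for advisory-listed parameters whose
    value contains a shell metacharacter. parse_qsl percent-decodes, so an
    encoded ';' (%3B) is caught as well as a literal one. The same function
    serves as a reject-list validator inside a request handler."""
    hits = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in AFFECTED_PARAMS and SHELL_META.search(value):
            hits[name] = value
    return hits


def scan_log(lines):
    """Scan access-log lines and return one finding per request to the
    affected endpoint that carries a suspicious parameter value."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than crash the scan
        url = urlsplit(m.group("target"))
        if url.path != TARGET_PATH:
            continue  # other endpoints are out of scope for this rule
        hits = suspicious_params(url.query)
        if hits:
            findings.append({
                "src": m.group("ip"),
                "ts": m.group("ts"),
                "method": m.group("method"),
                "params": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} {f['method']} {TARGET_PATH} -> {f['params']}")
```

The scanner only sees what the access log records, which for most web servers is the request line and therefore the query string; if the extender's form is submitted as a POST body, the same `suspicious_params` check has to run on the body captured by a reverse proxy, IDS or packet capture in front of the device. As a validator on the handler side, rejecting any value that `suspicious_params` flags is a reject list; a stricter allow list (for example, digits only for the numeric calibration fields) is preferable where the expected format is known.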
Evidence notes
Vulnerability confirmed through the VulDB entry and the associated GitHub repository containing technical details. Classified under CWE-77 and CWE-78. CVSS 4.0 scoring applied.
Official resources
Public disclosure occurred on 2026-05-25 with exploit availability confirmed. The vendor did not respond to early disclosure contact.