PatchSiren cyber security CVE debrief
CVE-2026-9461 Edimax CVE debrief
A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender, firmware version 1.31. The vulnerability is located in the `formRadius` function within the `/goform/formRadius` endpoint, where improper handling of the `submit-url` parameter allows remote attackers to overflow the stack buffer. The CVSS 4.0 score of 7.4 (HIGH) reflects network attack vector, low attack complexity, no required user interaction, and high impacts to confidentiality, integrity, and availability. The exploit has been publicly disclosed, and the vendor was reportedly contacted without response. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
- Vendor
- Edimax
- Product
- EW-7438RPn
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-25
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-05-25
- Advisory updated
- 2026-05-26
Who should care
Organizations deploying Edimax EW-7438RPn range extenders in production environments, particularly those with exposed management interfaces. Security teams responsible for IoT device hardening and network segmentation. Incident response teams monitoring for commodity IoT exploitation. Supply chain security assessors evaluating consumer networking equipment.
Technical summary
The Edimax EW-7438RPn firmware 1.31 contains a stack-based buffer overflow in the `formRadius` function of `/goform/formRadius`. The `submit-url` parameter lacks proper bounds checking, enabling remote attackers to overwrite return addresses and achieve arbitrary code execution. Attack complexity is low with no authentication prerequisites beyond network access to the device's web interface.
Defensive priority
HIGH
Recommended defensive actions
- Block or restrict access to the /goform/formRadius endpoint at network perimeter until patch availability confirmed
- Segment IoT device networks to isolate affected Edimax range extenders from critical infrastructure
- Monitor for anomalous HTTP POST requests to /goform/formRadius with oversized submit-url parameters
- Contact Edimax support directly to request security patch timeline for firmware version 1.31
- Consider replacement or alternative vendor if patch timeline unavailable and device exposure is high-risk
- Review device logs for unexpected reboots or crashes that may indicate exploitation attempts
Evidence notes
Vulnerability confirmed through Vuldb CNA submission and GitHub disclosure. NVD status currently 'Deferred'. Vendor contact attempted without response per disclosure timeline.
Official resources
Public disclosure with exploit availability; vendor non-responsive