PatchSiren cyber security CVE debrief
CVE-2026-9479 Edimax CVE debrief
A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender firmware version 1.31. The vulnerability is located in the `formLogout` function within the `/goform/formLogout` endpoint, where improper handling of the `submit-url` parameter allows remote attackers to overflow a stack buffer. The attack vector is network-based, requires low attack complexity, and can be executed remotely without user interaction. The vulnerability has been publicly disclosed with proof-of-concept material available, and the vendor was reportedly contacted but did not respond. The CVSS 4.0 vector indicates high impacts to confidentiality, integrity, and availability. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Edimax
- Product
- EW-7438RPn
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-25
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-05-25
- Advisory updated
- 2026-05-26
Who should care
Organizations deploying Edimax EW-7438RPn range extenders in production environments; network administrators managing IoT device fleets; security teams responsible for edge network infrastructure; incident response teams tracking IoT-targeting threat actors
Technical summary
The Edimax EW-7438RPn firmware 1.31 contains a stack-based buffer overflow in the `formLogout` function of `/goform/formLogout`. The `submit-url` parameter lacks proper bounds checking, allowing remote attackers to overwrite stack memory. Successful exploitation could result in arbitrary code execution with device privileges. The vulnerability is remotely exploitable without authentication requirements, making it suitable for automated scanning and exploitation. The disclosure includes technical details sufficient for reproduction, though no widespread exploitation has been confirmed at time of publication.
Defensive priority
HIGH
Recommended defensive actions
- Block or restrict access to the `/goform/formLogout` endpoint on affected Edimax EW-7438RPn devices at network boundaries
- Segment IoT devices including Edimax range extenders from critical network infrastructure
- Monitor for anomalous requests to `/goform/formLogout` with oversized or malformed `submit-url` parameters
- Apply firmware updates from Edimax if and when released; consider replacement if vendor support is discontinued
- Review and update asset inventories to identify deployments of Edimax EW-7438RPn firmware version 1.31
Evidence notes
Vulnerability confirmed through Vuldb CNA submission and GitHub disclosure. CVSS 4.0 score of 7.4 (HIGH) assigned. CWE-119 and CWE-121 (stack-based buffer overflow) identified as root causes. Vendor contact attempted without response per disclosure timeline.
Official resources
Public disclosure with vendor non-response; proof-of-concept available