PatchSiren

Edimax CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW Edimax CVE published 2026-06-21

CVE-2026-12810

CVE-2026-12810 is a low-severity command injection vulnerability in the Edimax BR-6478AC V2 version 1.23. It affects the mp function in the /goform/mp file and allows remote command injection through manipulated POST requests. The CVSS score is 2.1, indicating a relatively low risk. However, defenders should still prioritize patching due to the potential for exploitation. The vendor, Edimax, [truncated]

LOW Edimax CVE published 2026-05-31

CVE-2026-10166

A command injection vulnerability exists in the Edimax BR-6478AC router firmware version 1.23. The vulnerability is located in the formWlbasic function within the /goform/formWlbasic endpoint, where the rootAPmac parameter in POST requests is not properly sanitized, allowing remote attackers to inject and execute arbitrary commands. The vulnerability has been publicly disclosed with a published exploit. T [truncated]

HIGH Edimax CVE published 2026-05-31

CVE-2026-10165

A stack-based buffer overflow vulnerability exists in the Edimax BR-6478AC router firmware version 1.23. The vulnerability is located in the formWanTcpipSetup function within the /goform/formWanTcpipSetup endpoint, which handles POST requests. The pppUserName parameter is not properly validated, allowing an attacker to send an oversized value that overflows a stack-allocated buffer. The attack vector is n [truncated]

HIGH Edimax CVE published 2026-05-31

CVE-2026-10163

A buffer overflow vulnerability exists in the Edimax BR-6478AC router firmware version 1.23. The flaw resides in the formUSBAccount function within the /goform/formUSBAccount endpoint, where improper handling of the UserName and Password parameters in POST requests allows remote attackers to trigger memory corruption. The vulnerability has been publicly disclosed with an available exploit, enabling remote [truncated]

HIGH Edimax CVE published 2026-05-30

CVE-2026-10125

A stack-based buffer overflow vulnerability exists in the Edimax BR-6478AC router firmware version 1.23. The vulnerability is located in the formPPPoESetup function within the /goform/formPPPoESetup endpoint, which handles POST requests. The pppUserName parameter is not properly validated, allowing an attacker to send an oversized value that overflows the stack buffer. The attack vector is network-based, [truncated]

HIGH Edimax CVE published 2026-05-25

CVE-2026-9482

A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender firmware version 1.31. The vulnerability is located in the `formSDHCP` function within the `/goform/formSDHCP` endpoint, where improper handling of the `submit-url` argument allows remote attackers to trigger memory corruption. The CVSS 4.0 score of 7.4 (HIGH) reflects network attack vector, low attack comp [truncated]

HIGH Edimax CVE published 2026-05-25

CVE-2026-9479

A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender firmware version 1.31. The vulnerability is located in the `formLogout` function within the `/goform/formLogout` endpoint, where improper handling of the `submit-url` parameter allows remote attackers to overflow a stack buffer. The attack vector is network-based, requires low attack complexity, and can be [truncated]

HIGH Edimax CVE published 2026-05-25

CVE-2026-9463

A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender firmware version 1.31. The vulnerability is located in the `formLicence` function within the `/goform/formLicence` endpoint, where improper handling of the `submit-url` argument allows remote attackers to overflow the stack buffer. The CVSS 4.0 vector indicates network attack vector with low attack complexi [truncated]

HIGH Edimax CVE published 2026-05-25

CVE-2026-9461

A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender, firmware version 1.31. The vulnerability is located in the `formRadius` function within the `/goform/formRadius` endpoint, where improper handling of the `submit-url` parameter allows remote attackers to overflow the stack buffer. The CVSS 4.0 score of 7.4 (HIGH) reflects network attack vector, low attack [truncated]

HIGH Edimax CVE published 2026-05-25

CVE-2026-9460

A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender firmware version 1.31. The vulnerability is located in the `formAccept` function within the `/goform/formAccept` endpoint, where improper handling of the `submit-url` argument allows remote attackers to trigger memory corruption. The CVSS 4.0 vector indicates network attack vector with low attack complexity [truncated]

HIGH Edimax CVE published 2026-05-25

CVE-2026-9443

A buffer overflow vulnerability exists in the Edimax BR-6478AC router firmware version 1.23. The flaw resides in the formL2TPSetup function within the /goform/formL2TPSetup endpoint, where improper handling of the L2TPUserName parameter in POST requests allows remote attackers to trigger memory corruption. The vulnerability is remotely exploitable without authentication requirements, with public exploit d [truncated]

HIGH Edimax CVE published 2026-05-25

CVE-2026-9426

A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender, firmware version 1.31. The vulnerability resides in the `formHwSet` function within the `/goform/formHwSet` endpoint. Multiple parameters—including `Anntena`, `Mcs`, `regDomain`, `nic0Addr`, `nic1Addr`, `wlanAddr`, `wanAddr`, `wlanSSID`, `wlanChan`, `initgain`, `txcck`, `txofdm`, and `submit-url`—are susce [truncated]

HIGH Edimax CVE published 2026-05-25

CVE-2026-9425

A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender, firmware version 1.31. The vulnerability resides in the `formWlanMP` function within the `/goform/formWlanMP` endpoint. Multiple parameters—including `ateFunc`, `ateGain`, `ateTxCount`, `ateChan`, `ateRate`, `ateMacID`, various `e2pTxPower` and `e2pTx2Power` parameters, `ateTxFreqOffset`, `ateMode`, `ateBW [truncated]

LOW Edimax CVE published 2026-05-25

CVE-2026-9424

A command injection vulnerability exists in the Edimax EW-7438RPn wireless range extender firmware version 1.31. The vulnerability resides in the formWlanMP function within the /goform/formWlanMP endpoint, where multiple parameters—including ateFunc, ateGain, ateTxCount, ateChan, ateRate, ateMacID, e2pTxPower1 through e2pTxPower7, e2pTx2Power1 through e2pTx2Power7, ateTxFreqOffset, ateMode, ateBW, ateAnte [truncated]

LOW Edimax CVE published 2026-05-24

CVE-2026-9402

A command injection vulnerability exists in the Edimax BR-6675nD router firmware version 1.12. The vulnerability is located in the formWlanMP function within the /goform/formWlanMP endpoint, which handles POST requests. Multiple parameters—including ateFunc, ateGain, ateRate, ateChan, ateTxCount, various e2pTxPower parameters, ateTxFreqOffset, ateMode, ateMacID, ateBW, ateAntenna, e2pTxFreqOffset, e2pTxPw [truncated]

HIGH Edimax CVE published 2026-05-24

CVE-2026-9401

A buffer overflow vulnerability exists in the Edimax BR-6675nD router firmware version 1.12. The vulnerability is located in the formWanTcpipSetup function within the /goform/formWanTcpipSetup endpoint, which handles POST requests. The pppUserName parameter is susceptible to buffer overflow through remote manipulation. The vulnerability was published on May 24, 2026, with the NVD record last modified on M [truncated]

HIGH Edimax CVE published 2026-05-24

CVE-2026-9399

A buffer overflow vulnerability exists in the Edimax BR-6675nD router firmware version 1.12. The flaw resides in the formsetPPPoE function within the /goform/formsetPPPoE endpoint, where improper handling of the pppUserName parameter in POST requests allows remote attackers to trigger memory corruption. The vulnerability is remotely exploitable without authentication requirements, with public exploit avai [truncated]

HIGH Edimax CVE published 2026-05-24

CVE-2026-9381

A buffer overflow vulnerability exists in the Edimax BR-6675nD router firmware version 1.12. The vulnerability is located in the `formPPPoESetup` function within the `/goform/formPPPoESetup` file, which handles POST requests. An attacker can trigger the overflow by manipulating the `pppUserName` parameter. The attack vector is network-based and requires low attack complexity with low privileges, but no us [truncated]

LOW Edimax CVE published 2026-05-24

CVE-2026-9379

A command injection vulnerability exists in the Edimax BR-6675nD router firmware version 1.12. The vulnerability is located in the formWpsStart function within the /goform/formWpsStart endpoint, where the pinCode parameter in POST requests is not properly sanitized, allowing remote attackers to inject and execute arbitrary commands. The vulnerability has a CVSS 4.0 base score of 2.1 (LOW severity) with th [truncated]

LOW Edimax CVE published 2026-05-24

CVE-2026-9363

A command injection vulnerability exists in the Edimax EW-7438RPn wireless range extender, specifically within the formEZCHNwlanSetup function of the /goform/formEZCHNwlanSetu endpoint. The vulnerability allows remote attackers to execute arbitrary commands by manipulating the 'method' parameter in POST requests. The CVSS 4.0 vector indicates network attack vector with low attack complexity, low privilege [truncated]

LOW Edimax CVE published 2026-05-24

CVE-2026-9362

A command injection vulnerability exists in Edimax EW-7438RPn firmware version 1.12, specifically within the `formConnectionSetting` function of the `/goform/formConnectionSetting` endpoint. The vulnerability stems from improper sanitization of the `max_Conn` and `timeOut` parameters, allowing remote attackers to inject arbitrary commands. The CVSS 4.0 vector indicates network attack vector with low attac [truncated]

HIGH Edimax CVE published 2026-05-24

CVE-2026-9348

A stack-based buffer overflow vulnerability exists in Edimax EW-7438RPn wireless range extenders running firmware up to version 1.31. The vulnerability resides in the `/goform/mp` endpoint of the device's web server (`webs` component), where improper handling of the `webs` argument allows remote attackers to trigger memory corruption. The CVSS 4.0 vector indicates network attack vector with low attack com [truncated]

LOW Edimax CVE published 2026-05-24

CVE-2026-9347

A command injection vulnerability exists in the Edimax EW-7438RPn wireless range extender, affecting firmware versions up to 1.31. The vulnerability resides in the `formWizSurvey` function within the `/goform/formWizSurvey` endpoint of the device's web server (`webs`). The `ip`, `mask`, and `gateway` parameters are not properly sanitized, allowing an authenticated attacker to inject arbitrary operating sy [truncated]

HIGH Edimax CVE published 2026-05-24

CVE-2026-9346

A buffer overflow vulnerability exists in Edimax EW-7438RPn wireless range extenders running firmware up to version 1.31. The flaw resides in the `formWirelessTbl` function within the `/goform/formWirelessTbl` endpoint of the device's web server (`webs` component). Remote attackers can exploit this by manipulating the `submit-url` argument, potentially achieving code execution. The vulnerability carries a [truncated]

LOW Edimax CVE published 2026-05-23

CVE-2026-9343

A command injection vulnerability exists in Edimax EW-7438RPn wireless range extenders running firmware up to version 1.31. The vulnerability resides in the formWpsStart function within the /goform/formWpsStart endpoint of the device's web server (webs). The pinCode parameter is not properly sanitized, allowing an authenticated attacker to inject arbitrary operating system commands. Successful exploitatio [truncated]

LOW Edimax CVE published 2026-05-23

CVE-2026-9296

A command injection vulnerability exists in the Edimax BR-6428NS router firmware version 1.10. The vulnerability resides in the POST request handler for the `/goform/formWlanM` endpoint, where multiple parameters—including `ateFunc`, `ateGain`, `ateTxCount`, `ateChan`, `ateRate`, `ateMacID`, `e2pTxPower1` through `e2pTxPower7`, `e2pTx2Power1` through `e2pTx2Power7`, `ateTxFreqOffset`, `ateMode`, `ateBW`, [truncated]

LOW Edimax CVE published 2026-05-18

CVE-2026-8777

A command injection vulnerability exists in the Edimax BR-6428NS router firmware version 1.10. The vulnerability is located in the formStaDrvSetup function within the /goform/formStaDrvSetup endpoint, where the stadrv_ssid parameter in POST requests is not properly sanitized before being passed to system commands. This allows remote attackers with low privileges to inject arbitrary commands. The vulnerabi [truncated]

HIGH Edimax CVE published 2026-05-18

CVE-2026-8776

A buffer overflow vulnerability exists in the Edimax BR-6428NS router firmware version 1.10. The flaw resides in the `formPPTPSetup` function within the `/goform/formPPTPSetup` endpoint, where improper handling of the `pptpUserName` parameter in POST requests allows remote attackers to trigger memory corruption. The vulnerability carries a HIGH severity CVSS score of 7.4 and can be exploited remotely with [truncated]

HIGH Edimax CVE published 2026-05-18

CVE-2026-8775

A buffer overflow vulnerability exists in the Edimax BR-6428NS router firmware version 1.10. The flaw resides in the formL2TPSetup function within the /goform/formL2TPSetup endpoint, where improper handling of the L2TPUserName parameter in POST requests allows remote attackers to trigger memory corruption. The vulnerability is remotely exploitable without authentication requirements, with public exploit a [truncated]

Known exploited Edimax CVE published 2025-03-19

CVE-2025-1316

CVE-2025-1316 is an OS command injection vulnerability affecting the Edimax IC-7100 IP Camera. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-03-19, which means it has been identified as actively exploited and should be treated as a high-priority remediation item. The CISA KEV entry sets a remediation due date of 2025-04-09 and directs organizations to apply vendor mitigations, follo [truncated]