CVE-2025-34029

HIGH EXPLOITED

Edimax EW-7438RPn Mini <1.13 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-34029 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Besim.

AI-analyzed exploit summary The exploit demonstrates two RCE vulnerabilities in Edimax EW-7438RPn v1.13 via command injection in `mp.asp` and `syscmd.asp` forms. The PoC includes HTTP requests with crafted payloads to execute arbitrary commands as root.

Description

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.

Exploits (1)

exploitdb WORKING POC
by Besim · textwebappshardware
https://www.exploit-db.com/exploits/48377

The exploit demonstrates two RCE vulnerabilities in Edimax EW-7438RPn v1.13 via command injection in `mp.asp` and `syscmd.asp` forms. The PoC includes HTTP requests with crafted payloads to execute arbitrary commands as root.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Edimax EW-7438RPn v1.13
Auth required
Prerequisites: Network access to the device · Valid admin credentials (Basic Auth)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0535
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2025-06-20
CWE
CWE-78
Status published
Products (2)
Edimax/Edimax EW-7438RPn Mini < 1.13
edimax/ew-7438rpn_mini_firmware < 1.13
Published Jun 20, 2025
Tracked Since Feb 18, 2026