CVE-2026-1971

LOW

Edimax BR-6288ACL < 1.12 - Cross-Site Scripting via wiz_WISP24gmanual.asp manualssid Parameter

Title source: llm

Description

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.344493

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.344493

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.743318

Various Sources exploit

https://tzh00203.notion.site/EDIMAX-BR6288ACL-v1-12-XSS-via-wiz_WISP24gmanual-asp-Configuration-2eeb5c52018a802e8ed9f6d000f7a6aa?source=copy_link

Scores

CVSS v3 2.4

EPSS 0.0022

EPSS Percentile 12.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

edimax/br-6288acl_firmware < 1.12

Published Feb 06, 2026

Tracked Since Feb 18, 2026