CVE-2026-36734

HIGH

EDIMAX BR-6428nS V3 1.15 - Command Injection

Title source: llm

Description

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device.

References (2)

Core 2

Core References

http://edimax.com

https://github.com/theShinigami/CVE-Disclosures/tree/main/CVE-2026-36734

View Writeup ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0102

EPSS Percentile 58.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Published May 11, 2026

Tracked Since May 12, 2026