CVE-2026-9347

MEDIUM

Edimax EW-7438RPn webs formWizSurvey os command injection

Title source: cna

Description

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-365310 | Edimax EW-7438RPn webs formWizSurvey os command injection

https://vuldb.com/vuln/365310

Signature, Permissions Required signature permissions-required

VDB-365310 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/365310/cti

Third Party Advisory third-party-advisory

Submit #813889 | Edimax EW-7438RPn 1.31 Command Injection

https://vuldb.com/submit/813889

Third Party Advisory third-party-advisory

Submit #811543 | EDIMAX EW-7438RPn Mini EW-7438RPn Mini Firmware 1.28a (Version : 1.28a) Command Injection (Duplicate)

https://vuldb.com/submit/811543

Exploit exploit

https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_5/5.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0108

EPSS Percentile 78.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-77 CWE-78

Status published

Products (32)

Edimax/EW-7438RPn 1.0

Edimax/EW-7438RPn 1.1

Edimax/EW-7438RPn 1.10

Edimax/EW-7438RPn 1.11

Edimax/EW-7438RPn 1.12

Edimax/EW-7438RPn 1.13

Edimax/EW-7438RPn 1.14

Edimax/EW-7438RPn 1.15

Edimax/EW-7438RPn 1.16

Edimax/EW-7438RPn 1.17

... and 22 more

Published May 24, 2026

Tracked Since May 24, 2026