CVE-2026-9360

HIGH

Edimax EW-7438RPn POST Request formwlencrypt24g buffer overflow

Title source: cna

Description

A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-365323 | Edimax EW-7438RPn POST Request formwlencrypt24g buffer overflow

https://vuldb.com/vuln/365323

Signature, Permissions Required signature permissions-required

VDB-365323 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/365323/cti

Third Party Advisory third-party-advisory

Submit #811544 | EDIMAX EW-7438RPn Mini EW-7438RPn Mini Firmware 1.28a (Version : 1.28a) Buffer Overflow

https://vuldb.com/submit/811544

Exploit exploit

https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7438RPn-Mini-formwlencrypt24g-34b53a41781f808c99bcd687b351750b?source=copy_link

Scores

CVSS v3 8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Details

CWE

CWE-119 CWE-120

Status published

Products (1)

Edimax/EW-7438RPn 1.28a

Published May 24, 2026

Tracked Since May 24, 2026