CVE-2026-8776— Edimax BR-6428NS POST Request formPPTPSetup buffer overflow
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8776
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Edimax BR-6428NS POST Request formPPTPSetup buffer overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Edimax BR-6428nS 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Edimax BR-6428nS是中国讯舟(Edimax)公司的一款无线路由器。 Edimax BR-6428NS v4_1.10版本存在缓冲区错误漏洞,该漏洞源于POST Request Handler组件中文件/goform/formPPTPSetup的函数formPPTPSetup对参数pptpUserName的操作导致缓冲区溢出,可能允许远程攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-8776
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8776
请登录查看更多情报信息。
Advisory · 1
- https://vuldb.com/submit/811531third-party-advisory
- CVE-2026-8776 | Edimax BR-6428NS 1.10 POST Request /goform/formPPTPSetup pptpUserName buffer overflowvdb-entrytechnical-description
- https://nvd.nist.gov/vuln/detail/CVE-2026-8776
Same Patch Batch · Edimax · 2026-05-18 · 4 CVEs total
| CVE-2026-8775 | 8.8 HIGH | Edimax BR-6428NS POST Request formL2TPSetup buffer overflow |
| CVE-2026-8777 | 6.3 MEDIUM | Edimax BR-6428NS POST Request formStaDrvSetup command injection |
| CVE-2026-8774 | 6.3 MEDIUM | Edimax BR-6228NC POST Request mp command injection |
IV. Related Vulnerabilities
Same vendor: Edimax
- CVE-2026-8777
Edimax BR-6428NS POST Request formStaDrvSetup command inject - CVE-2026-8775
Edimax BR-6428NS POST Request formL2TPSetup buffer overflow - CVE-2026-8774
Edimax BR-6228NC POST Request mp command injection - CVE-2026-7685
Edimax BR-6208AC setWAN buffer overflow - CVE-2026-7684
Edimax BR-6428nC setWAN buffer overflow
Same weakness: CWE-120
- CVE-2026-8775
Edimax BR-6428NS POST Request formL2TPSetup buffer overflow - CVE-2026-8764
H3C Magic B3 aspForm UpdateWanParams buffer overflow - CVE-2018-25328
VX Search 10.6.18 Local Buffer Overflow via Directory Field - CVE-2018-25323
Allok AVI DivX MPEG to DVD Converter 2.6.1217 Buffer Overflo - CVE-2020-37234
Internet Download Manager 6.38.12 Scheduler Buffer Overflow
V. Comments for CVE-2026-8776
No comments yet