CVE-2026-9295— Edimax BR-6428NS POST Request formWirelessTbl buffer overflow
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9295
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Edimax BR-6428NS POST Request formWirelessTbl buffer overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-9295
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9295
请登录查看更多情报信息。
Other References for CVE-2026-9295 (1)
Same Patch Batch · Edimax · 2026-05-23 · 5 CVEs total
| CVE-2026-9294 | 8.8 HIGH | Edimax BR-6428NS POST Request formWanTcpipSetup buffer overflow |
| CVE-2026-9296 | 6.3 MEDIUM | Edimax BR-6428NS POST Request formWlanM system command injection |
| CVE-2026-9297 | 6.3 MEDIUM | Edimax BR-6428NS POST Request formWlbasic command injection |
| CVE-2026-9343 | 6.3 MEDIUM | Edimax EW-7438RPn webs formWpsStart os command injection |
IV. Related Vulnerabilities
Same product: BR-6428NS
- CVE-2026-9297
Edimax BR-6428NS POST Request formWlbasic command injection - CVE-2026-9296
Edimax BR-6428NS POST Request formWlanM system command injec - CVE-2026-9294
Edimax BR-6428NS POST Request formWanTcpipSetup buffer overf - CVE-2026-8777
Edimax BR-6428NS POST Request formStaDrvSetup command inject - CVE-2026-8776
Edimax BR-6428NS POST Request formPPTPSetup buffer overflow
Same vendor: Edimax
- CVE-2026-9382
Edimax BR-6675nD POST Request formPPTPSetup buffer overflow - CVE-2026-9381
Edimax BR-6675nD POST Request formPPPoESetup buffer overflow - CVE-2026-9380
Edimax BR-6675nD POST Request formL2TPSetup buffer overflow - CVE-2026-9379
Edimax BR-6675nD POST Request formWpsStart command injection - CVE-2026-9378
Edimax BR-6675nD POST Request formHwSet command injection
Same weakness: CWE-120
- CVE-2026-9389
Tenda F456 L7Im frmL7ImForm buffer overflow - CVE-2026-9382
Edimax BR-6675nD POST Request formPPTPSetup buffer overflow - CVE-2026-9381
Edimax BR-6675nD POST Request formPPPoESetup buffer overflow - CVE-2026-9380
Edimax BR-6675nD POST Request formL2TPSetup buffer overflow - CVE-2026-9360
Edimax EW-7438RPn POST Request formwlencrypt24g buffer overf
V. Comments for CVE-2026-9295
No comments yet