How is CVE-2026-10125 exploited?

Network reachability (required): The attacker must reach the router's HTTP management interface over the network to deliver the malicious POST. Authentication (required): A low-privilege account on the device is needed (PR:L), but any authenticated user session is sufficient. Victim interaction (not-required): No user has to click or interact - the attacker drives the exploit directly against the endpoint. Attack complexity (info): Attack complexity is low and a public exploit exists, making the bug reliable to trigger without environmental tuning.

What is the impact of CVE-2026-10125?

Executes attacker-controlled code on the router with the privileges of the web service, typically root on this device class. Reads and modifies persisted device configuration, including PPPoE credentials, DNS settings, and admin secrets. Disrupts or crashes the router, taking the network segment behind it offline. Provides a pivot point on the network edge for further lateral movement into the LAN.

Back to search

HIGHCVE-2026-10125Published 2026-05-30Modified 2026-05-30CNA VulDB

CVE-2026-10125: Edimax BR-6478AC POST Request formPPPoESetup stack-based overflow

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.

HarborGuard Analysis

HarborGuard analysis

Synopsis

A stack-based buffer overflow exists in the formPPPoESetup handler of the Edimax BR-6478AC router (version 1.23), reachable through a POST request to /goform/formPPPoESetup. An authenticated attacker with any low-privilege account on the device's web interface can send an oversized pppUserName parameter over the network to overflow the stack, enabling arbitrary code execution, configuration tampering, or device crash. No vendor fix has been published; HarborGuard tracks the advisory and will make a patched-image rebuild available the moment an upstream fix is released.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment - the CVE is ingested from upstream feeds within minutes of publication and matched against router firmware and container images in customer registries and CI pipelines, including custom-built images that bundle Edimax components.

Available

Triage

Each match is scored against the published CVSS 4.0 value of 8.7 (High) and reweighted by each environment's compliance policy, then routed to the appropriate inbox inside the customer org so network-edge owners see it without manual triage.

Available

Patch

No upstream fix is currently available; HarborGuard re-checks the Edimax advisory on every ingest cycle and will make a patched-image rebuild available the moment the vendor publishes a fixed firmware. For environments with auto-remediation enabled, that rebuild will be regression-tested and a PR opened against affected workloads automatically.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must reach the router's HTTP management interface over the network to deliver the malicious POST.
AuthenticationRequired
A low-privilege account on the device is needed (PR:L), but any authenticated user session is sufficient.
Victim interactionNot required
No user has to click or interact - the attacker drives the exploit directly against the endpoint.
Attack complexityDetail
Attack complexity is low and a public exploit exists, making the bug reliable to trigger without environmental tuning.

Blast Radius

Executes attacker-controlled code on the router with the privileges of the web service, typically root on this device class.
Reads and modifies persisted device configuration, including PPPoE credentials, DNS settings, and admin secrets.
Disrupts or crashes the router, taking the network segment behind it offline.
Provides a pivot point on the network edge for further lateral movement into the LAN.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the Edimax advisory with automatic re-check on every ingest cycle, so a patched-image rebuild becomes available the moment the vendor ships a fix. Until then, environments can apply compensating controls surfaced by HarborGuard - restricting the router's management interface to trusted management VLANs, blocking external access to /goform/ endpoints, and rotating any low-privilege device credentials that could be used to reach formPPPoESetup. For customers with auto-remediation enabled, the eventual patched firmware rebuild will be regression-tested and a PR opened against affected workloads automatically once upstream publishes.

See how HarborGuard automates this

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Edimax / BR-6478AC
1.23

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References