CVE-2026-10126 | Severity: HIGH | CNA: VulDB

CVE-2026-10126: Edimax BR-6478AC POST Request formQoS buffer overflow

A security flaw has been discovered in Edimax BR-6478AC 1.23. The issue affects the function formQoS of the file /goform/formQoS in the POST Request Handler component. Manipulation of the argument selSSID leads to a buffer overflow. The attack can be launched remotely. A public exploit has been released and may be used in attacks.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow exists in the formQoS handler of the Edimax BR-6478AC router (firmware 1.23), reachable through a crafted POST request to /goform/formQoS where the selSSID parameter is not bounds-checked. The bug is reachable over the network and requires only a low-privileged account on the device's web interface; successful exploitation lets an attacker corrupt memory to read sensitive configuration, alter device settings, or crash the router. No upstream fix has been published, so HarborGuard tracks the advisory for patch availability.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment, with the CVE ingested from upstream feeds within minutes of publication and matched against images in customer registries and CI pipelines. Coverage extends to custom-built images that bundle Edimax BR-6478AC firmware or related components.

Status: Available

Triage

Triage is available with the published CVSS v4.0 score of 8.7 (High) carried into each customer's queue and re-weighted by their compliance policy. Findings are routed to the appropriate inbox inside each customer org based on image ownership and workload tags.

Status: Available

Patch

No upstream fix is currently published for this advisory. HarborGuard re-checks the advisory on each ingest cycle. A patched-image rebuild will be made available as soon as Edimax ships fixed firmware; at that point auto-remediation customers receive the rebuild, a regression run, and a PR against affected workloads.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the router's HTTP management interface over the network to deliver the malicious POST request.

  • Authentication: Required

    A low-privileged account on the device is sufficient to invoke the vulnerable formQoS handler.

  • Victim interaction: Not required

    No user action is needed; the attacker triggers the overflow directly by sending the crafted request.

  • Attack complexity: Low

    Attack complexity is low and a public exploit has been released, so the technique is reliable and depends on no special preconditions beyond network reach and a low-privileged account.

Blast Radius

  • Reads sensitive router configuration including stored Wi-Fi credentials and administrative secrets.
  • Modifies device settings such as routing, DNS, and QoS rules to pivot or intercept traffic.
  • Crashes or hangs the router, disrupting connectivity for everything behind it.
  • Provides a foothold for further code execution on the embedded device given the memory-corruption primitive.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the Edimax advisory with automatic ingestion of any fix metadata when it lands. Until upstream ships a patch, compensating-control suggestions are surfaced, including isolating the router's management interface from untrusted networks, restricting which accounts can reach /goform/formQoS, and egress filtering to limit lateral movement from a compromised device. For customers who opt into auto-remediation, a rebuilt image at the fix version will be generated, regression-tested, and proposed via PR against affected workloads as soon as Edimax publishes a fixed firmware.
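The compensating controls above are only useful if the management interface is also watched for the request pattern the advisory describes. The following is an added illustration, not HarborGuard's tooling or any Edimax code: it scans web-server access records for POST requests to /goform/formQoS whose selSSID value is longer than any legitimate SSID can be. The tab-separated record format and every sample line are constructed for this example; the 32-byte threshold comes from the 802.11 limit on SSID length, not from the advisory, which gives no buffer size. Percent-encoded bodies are decoded before measuring, since a length check on the raw body would miss an encoded value.

```python
"""Flag access records matching the CVE-2026-10126 request pattern.

Added example for defenders. Assumes a constructed tab-separated log format:
    client_ip <TAB> method <TAB> path <TAB> status <TAB> urlencoded_body
"""
from urllib.parse import parse_qs

VULN_PATH = "/goform/formQoS"   # handler named in the advisory
PARAM = "selSSID"               # parameter named in the advisory

# Assumption: 802.11 caps an SSID at 32 octets, so a longer selSSID can never be a
# legitimate SSID selection and is treated as an overflow attempt.
MAX_SSID_LEN = 32

# Constructed sample records (no real device or client involved).
SAMPLE_LOG = "\n".join([
    "192.0.2.10\tGET\t/goform/formQoS\t200\t",
    "192.0.2.10\tPOST\t/goform/formQoS\t200\tselSSID=HomeNet&qosEnable=1",
    "198.51.100.7\tPOST\t/goform/formQoS\t200\tselSSID=" + "A" * 300 + "&qosEnable=1",
    "198.51.100.7\tPOST\t/goform/formLogin\t200\tuser=admin",
    "203.0.113.5\tPOST\t/goform/formQoS\t500\tselSSID=" + "%41" * 40,
    "203.0.113.9\tPOST\t/goform/formQoS\t500\tselSSID=Guest&qosEnable=1",
])


def parse_record(line):
    """Split one log line into a dict, or return None if it is malformed."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 5:
        return None
    ip, method, path, status, body = fields
    try:
        status = int(status)
    except ValueError:
        return None
    return {"ip": ip, "method": method, "path": path, "status": status, "body": body}


def selssid_length(body):
    """Decoded byte length of the longest selSSID value, or None if absent."""
    params = parse_qs(body, keep_blank_values=True)
    values = params.get(PARAM, [])
    return max((len(v.encode("utf-8")) for v in values), default=None)


def classify(rec):
    """Return (reason, length) for a suspicious formQoS POST, else None."""
    if rec["method"] != "POST" or rec["path"] != VULN_PATH:
        return None
    n = selssid_length(rec["body"])
    if n is None:
        return None
    if n > MAX_SSID_LEN:
        # High-confidence: the value cannot be a real SSID.
        return ("oversized selSSID", n)
    if rec["status"] >= 500:
        # Lower-confidence: a server error on this handler may be a crash.
        return ("server error on formQoS POST", n)
    return None


def scan(log_text):
    """Return [(line_number, client_ip, reason, selssid_length), ...]."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_record(line)
        if rec is None:
            continue
        verdict = classify(rec)
        if verdict is not None:
            findings.append((lineno, rec["ip"], verdict[0], verdict[1]))
    return findings


if __name__ == "__main__":
    for lineno, ip, reason, n in scan(SAMPLE_LOG):
        print(f"line {lineno}: {ip} -> {reason} (selSSID {n} bytes)")
```

Run against a real access log, replace SAMPLE_LOG with the file contents and adapt parse_record to the server's actual format; the classification logic is independent of how the fields are split. The oversized check is the one worth alerting on; the 5xx check is a weaker signal that is useful mainly for spotting crashes after the fact.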

Metrics

  • CVSS v4.0 score: 8.7
  • Severity: HIGH
  • Fixed in: no fixed version published
  • Affected products: 1
  • Affected packages: Edimax / BR-6478AC 1.23
  • CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P