CVE-2026-10163. Severity: HIGH. CNA: VulDB.

CVE-2026-10163: Edimax BR-6478AC POST Request formUSBAccount buffer overflow

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

HarborGuard Analysis

Synopsis

A buffer overflow in the Edimax BR-6478AC router affects the formUSBAccount handler reachable at /goform/formUSBAccount. The bug is triggered by oversized UserName or Password values in a POST request, which any low-privilege account on the device's management interface can send over the network; successful exploitation lets an attacker compromise confidentiality, integrity, and availability on the device. No upstream fix has been published, so HarborGuard tracks the advisory for patch availability.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment, with the CVE ingested from upstream feeds within minutes of publication and matched against images in customer registries and build pipelines. Custom-built images that bundle the BR-6478AC firmware or related Edimax components are covered by the same matching pass.

Triage: Available

Triage scoring is available using the published CVSS v4 score of 8.7 (HIGH), then re-weighted against each customer organization's compliance policy. Findings route to the appropriate inbox inside the customer org based on workload ownership and policy tags.

Patch: Pending upstream

No fix version has been published by Edimax, so a patched-image rebuild cannot yet be produced. HarborGuard re-checks the advisory each ingest cycle and will make a patched rebuild available the moment an upstream fix is published, with auto-remediation customers receiving a rebuild, regression run, and PR opened against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the router's HTTP management interface over the network to deliver the malicious POST request.

  • Authentication: Required

    PR:L indicates any low-privilege account on the device is sufficient to invoke the vulnerable handler.

  • Victim interaction: Not required

    UI:N means no administrator or user action is needed; the attacker drives the exploit directly.

  • Attack complexity: Low

    AC:L indicates the exploit is reliable and free of race conditions or environmental prerequisites, and a public proof of concept has been disclosed.

Blast Radius

  • Executes attacker-controlled code or corrupts memory in the router's web management process, with full read access to stored credentials and configuration.
  • Modifies device configuration, including USB account settings, routing, and firewall rules persisted on the device.
  • Crashes or hangs the management service, disrupting administration and potentially network connectivity for clients behind the router.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the Edimax advisory for a published fix, with the patched-image rebuild becoming available automatically the moment upstream ships a corrected firmware build. In the interim, compensating controls are surfaced in the finding, including restricting management-interface exposure via network policy, blocking inbound access to /goform/ endpoints from untrusted networks, rotating any low-privilege device accounts, and gating the affected workload behind egress and ingress filtering. For environments with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be triggered as soon as a fixed version is indexed.
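A defender-side check for the trigger shape the advisory describes (an oversized UserName or Password in a POST to /goform/formUSBAccount), added here as an example and not HarborGuard's or Edimax's code: it flags such requests in a constructed request log, and the same function can gate a reverse proxy or WAF placed in front of the management interface as one of the compensating controls above. The length cap and the 'METHOD PATH BODY' log layout are assumptions; the advisory publishes no buffer size.

```python
from urllib.parse import parse_qs

# Handler and parameters named in the advisory.
VULNERABLE_PATH = "/goform/formUSBAccount"
WATCHED_PARAMS = ("UserName", "Password")
# Assumption: the advisory gives no buffer size, so this cap is a conservative
# placeholder; tune it to the longest legitimate USB account name or password.
MAX_PARAM_LEN = 64


def inspect_request(method, path, body):
    """Return findings for one request; an empty list means nothing suspicious."""
    # Only POSTs to the vulnerable handler matter (POST Request Handler, AV:N).
    if method.upper() != "POST" or path.split("?", 1)[0] != VULNERABLE_PATH:
        return []
    # parse_qs percent-decodes, so lengths reflect what the handler would copy.
    params = parse_qs(body, keep_blank_values=True)
    findings = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if len(value) > MAX_PARAM_LEN:
                findings.append(f"{name} length {len(value)} exceeds {MAX_PARAM_LEN}")
    return findings


def scan_log(lines):
    """Scan 'METHOD PATH [BODY]' lines; return a list of (line_no, findings)."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        parts = line.split(" ", 2)
        if len(parts) < 2:
            continue  # malformed line: skip it rather than crash the scan
        method, path = parts[0], parts[1]
        body = parts[2] if len(parts) == 3 else ""
        findings = inspect_request(method, path, body)
        if findings:
            hits.append((line_no, findings))
    return hits


# Constructed sample traffic, not captured from a real device.
SAMPLE_LOG = [
    "POST /goform/formUSBAccount UserName=alice&Password=s3cret",
    "GET /goform/formUSBAccount",
    "POST /goform/formUSBAccount UserName=" + "A" * 300 + "&Password=x",
    "POST /goform/formWizard UserName=" + "B" * 300,
]

if __name__ == "__main__":
    for line_no, findings in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {'; '.join(findings)}")
```

Only the third sample line is reported; the GET and the request to a different /goform/ handler are ignored, so the rule stays narrow enough to run inline without blocking normal administration.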

Metrics

  • CVSS v4.0: 8.7
  • Severity: HIGH
  • Fixed in: no fix version published
  • Affected products: 1
  • Affected packages: Edimax / BR-6478AC 1.23
  • CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P