HIGH | CVE-2026-10164 | CNA: VulDB

CVE-2026-10164: Edimax BR-6478AC POST Request formUSBFolder buffer overflow

A vulnerability was found in Edimax BR-6478AC 1.23. The affected function is formUSBFolder in the file /goform/formUSBFolder of the POST Request Handler component. Manipulating the argument ShareName/SelectName results in a buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

HarborGuard Analysis

Synopsis

A buffer overflow in the Edimax BR-6478AC router firmware version 1.23 allows an authenticated attacker to corrupt memory by sending crafted ShareName or SelectName parameters in a POST request to the /goform/formUSBFolder handler. The bug is reachable over the network and requires only a low-privilege account, and successful exploitation gives full read, write, and disruption capability against the device. No upstream fix has been published; HarborGuard tracks the advisory and will make a patched rebuild available the moment vendor firmware ships.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment, with the advisory ingested from upstream feeds within minutes of publication and matched against router and embedded-firmware images in customer registries and CI pipelines. Coverage includes custom-built images that repackage Edimax BR-6478AC firmware components.

Triage: Available

Triage is available with the CVSS v4.0 base score of 8.7 (High) attached to each finding, then reweighted against each customer's compliance policy for exposed network services and embedded devices. Findings route to the security inbox configured for the owning team inside each customer organization.

Patch: Pending upstream

No vendor fix is currently published for BR-6478AC 1.23, so HarborGuard re-checks the advisory each ingest cycle and will make a patched-image rebuild available as soon as Edimax ships corrected firmware. Customers with auto-remediation enabled will then get the rebuild, regression-test run, and a PR opened against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the device's HTTP management interface over the network to send the crafted POST request.

  • Authentication: Required

    A low-privilege account on the router is sufficient to invoke the formUSBFolder handler.

  • Victim interaction: Not required

    No user action is needed; the attacker drives the request directly against the device.

  • Attack complexity: Low

    Attack complexity is low and a public exploit exists, so the overflow triggers reliably without environmental tuning.

Blast Radius

  • Executes attacker-controlled code in the context of the router's web service, yielding full control of the device.
  • Reads any data the firmware can access, including stored credentials, Wi-Fi keys, and USB share contents.
  • Modifies device configuration, routing, and firmware state, enabling persistent backdoors or traffic interception.
  • Crashes the management service or the device itself, disrupting connectivity for everything behind the router.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the Edimax advisory for a vendor fix. Once upstream firmware ships, the patched-image rebuild becomes available automatically, and environments with auto-remediation enabled get the rebuild, a regression-test run, and a PR opened against affected workloads. In the interim, compensating controls are surfaced in each finding: restrict the router's HTTP management interface to a management VLAN, block management-plane access from untrusted networks via network policy, and rotate any low-privilege device accounts that could be abused to reach formUSBFolder. For high-severity issues like this one, the median time from upstream fix publication to merged patch PR is around 90 minutes for environments with auto-remediation enabled.

Metrics

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: none (no vendor fix published)
Affected products: 1
Affected packages:
  • Edimax / BR-6478AC 1.23
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
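As an added example (not HarborGuard's or Edimax's code), the following parser validates a CVSS v4.0 vector such as the one above and derives the Exploit Conditions checklist from its metrics, so a triage pipeline can check that an advisory's narrative matches its vector; the metric names and allowed values are those of the CVSS v4.0 specification, and the derived field names are this example's own.

```python
# Added example: parse a CVSS v4.0 vector string and derive exploit conditions.
import re

# Allowed values for the CVSS v4.0 base metrics plus the optional Exploit
# Maturity (E) threat metric that this advisory's vector carries.
_ALLOWED = {
    "AV": {"N", "A", "L", "P"}, "AC": {"L", "H"}, "AT": {"N", "P"},
    "PR": {"N", "L", "H"}, "UI": {"N", "P", "A"},
    "VC": {"H", "L", "N"}, "VI": {"H", "L", "N"}, "VA": {"H", "L", "N"},
    "SC": {"H", "L", "N"}, "SI": {"H", "L", "N"}, "SA": {"H", "L", "N"},
    "E": {"X", "A", "P", "U"},
}
_BASE = ("AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA")

def parse_cvss4(vector: str) -> dict:
    """Return {metric: value}; raise ValueError on a malformed vector."""
    if not vector.startswith("CVSS:4.0/"):
        raise ValueError("not a CVSS v4.0 vector")
    metrics = {}
    for part in vector.split("/")[1:]:
        m = re.fullmatch(r"([A-Z]+):([A-Z])", part)
        if not m or m.group(1) not in _ALLOWED:
            raise ValueError(f"unknown metric component {part!r}")
        name, value = m.groups()
        if value not in _ALLOWED[name]:
            raise ValueError(f"invalid value {value!r} for metric {name}")
        if name in metrics:
            raise ValueError(f"duplicate metric {name}")
        metrics[name] = value
    missing = [b for b in _BASE if b not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics

def exploit_conditions(metrics: dict) -> dict:
    """Map parsed metrics onto the advisory's exploit-condition checklist
    (field names are this example's own, not a HarborGuard schema)."""
    return {
        "network_reachability_required": metrics["AV"] == "N",
        "authentication_required": metrics["PR"] != "N",
        "victim_interaction_required": metrics["UI"] != "N",
        "low_complexity": metrics["AC"] == "L" and metrics["AT"] == "N",
        # E:P means a proof-of-concept exploit is available.
        "proof_of_concept_exploit": metrics.get("E") == "P",
        # High impact on all three vulnerable-system CIA metrics: full control.
        "full_device_compromise": all(metrics[k] == "H" for k in ("VC", "VI", "VA")),
    }

# Vector taken from this advisory's Metrics section.
ADVISORY_VECTOR = "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
```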