HarborGuard / CVE
Back to search
HIGHCVE-2026-10165Published Modified CNA VulDB

CVE-2026-10165: Edimax BR-6478AC POST Request formWanTcpipSetup stack-based overflow

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.

HarborGuard Analysis

HarborGuard analysis

Synopsis

A stack-based buffer overflow exists in the Edimax BR-6478AC router (firmware 1.23) in the formWanTcpipSetup function handling POST requests to /goform/formWanTcpipSetup. An authenticated attacker reachable over the network can send a crafted pppUserName argument to overflow the stack, enabling code execution or full compromise of the device's confidentiality, integrity, and availability. No vendor fix has been published; HarborGuard tracks the advisory for patch availability.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment, with the CVE ingested from upstream feeds within minutes of publication and matched against images in customer registries and CI pipelines. Coverage extends to custom-built images that bundle Edimax BR-6478AC firmware or related components.

Available
Triage

Triage is available with the CVSS v4.0 score of 8.7 (High) applied and reweighted against each customer's compliance policy, so internet-exposed or networking-appliance workloads can be escalated above generic high-severity defaults. Findings are routed to the appropriate inbox inside each customer org based on image ownership.

Available
Patch

No upstream fix exists yet, so a patched-image rebuild cannot be produced. HarborGuard re-checks the advisory each ingest cycle and will make a patched rebuild available the moment Edimax publishes fixed firmware, at which point auto-remediation customers receive a rebuild, regression-test run, and a PR opened against affected workloads.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the device's HTTP management interface over the network to deliver the malicious POST request.

  • AuthenticationRequired

    A low-privilege account on the router is sufficient to invoke the vulnerable handler.

  • Victim interactionNot required

    No user action is needed; the attacker sends the crafted request directly to the device.

  • Attack complexityDetail

    Attack complexity is low and a public exploit exists, so the overflow is reliable and condition-free.

Blast Radius

  • Executes attacker-controlled code in the context of the router's web management process, typically running with high privilege on the device.
  • Reads stored configuration, credentials, and PPP/WAN secrets held by the device.
  • Modifies routing, DNS, and firewall configuration to redirect or intercept traffic from connected clients.
  • Crashes or bricks the device, disrupting network connectivity for everyone behind it.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the Edimax advisory with automatic rebuild availability once a fixed firmware ships, plus compensating-control suggestions in the interim. Recommended mitigations surfaced in findings include restricting access to the router's management interface via network-policy isolation, blocking inbound HTTP/HTTPS to the device from untrusted networks, and rotating any credentials that may have been exposed to the management plane. For environments with auto-remediation enabled, a rebuilt image and PR will be generated against affected workloads as soon as the upstream patch is published.

See how HarborGuard automates this

Metrics

CVSS v4.0
8.7
Severity
HIGH
Fixed in
Affected Products
1
Affected packages
  • Edimax / BR-6478AC
    1.23
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
References