HIGHCVE-2026-9459Published 2026-05-25Modified 2026-05-26CNA VulDB

CVE-2026-9459: Edimax EW-7438RPn formConnectionSetting stack-based overflow

A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max_Conn/timeOut results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Edimax / EW-7438RPn
1.31

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-365440 | Edimax EW-7438RPn formConnectionSetting stack-based overflow
VDB-365440 | CTI Indicators (IOB, IOC, IOA)
Submit #813896 | Edimax EW-7438RPn 1.31 Stack-based Buffer Overflow
github.com

Metrics