CVE-2020-37150

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27

Description The Edimax EW-7438RPn-v3 Mini version 1.27 allows unauthenticated attackers to access the /wizard reboot.asp API endpoint in unsetup mode. This access discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.

Recommendations Update to a newer version that contains a fix for this vulnerability.