CVE-2025-34024

Name of the Vulnerable Software and Affected Versions: Edimax EW-7438RPn versions 1.13 and prior

Description: An OS command injection issue exists, allowing an authenticated attacker to inject shell commands and achieve arbitrary command execution as the root user. This is due to the improper handling of user-supplied input to the command parameter in the "/goform/mp" endpoint.

Recommendations: For Edimax EW-7438RPn versions 1.13 and prior, as a temporary workaround, consider restricting access to the "/goform/mp" endpoint until a patch is available. Avoid using the command parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.