CVE-2026-7683

Name of the Vulnerable Software and Affected Versions Edimax BR-6428nC versions prior to 1.17

Description A command injection flaw exists in the Web Interface component. A remote attacker can exploit this by manipulating the pppUserName or pptpUserName arguments within the '/goform/setWAN' endpoint. Command injection is a type of attack where an attacker executes arbitrary operating system commands on the target server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.