CVE-2026-8777

Name of the Vulnerable Software and Affected Versions Edimax BR-6428NS version 1.10

Description An issue exists in the POST Request Handler component where the formStaDrvSetup() function in the '/goform/formStaDrvSetup' endpoint is susceptible to command injection. This occurs when the stadrv ssid argument is manipulated, allowing a remote attacker to execute arbitrary commands.

Recommendations Avoid using the stadrv ssid parameter in the '/goform/formStaDrvSetup' endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.