PT-2026-42917 · Edimax · Ew-7438Rpn

Yhryhryhr_Miemie

·

Published

2026-05-24

·

Updated

2026-05-24

·

CVE-2026-9359

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn version 1.28a
Description A command injection issue exists in the POST Request Handler component. The formHwSet() function within the '/goform/formHwSet' endpoint is susceptible to this flaw. A remote attacker can trigger this by manipulating several arguments, including Anntena, Mcs, regDomain, nic0Addr, nic1Addr, wlanAddr, wanAddr, wlanSSID, wlanChan, comd, initgain, txcck, and txofdm.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9359

Affected Products

Ew-7438Rpn