CVE-2020-37125

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27

Description The Edimax EW-7438RPn-v3 Mini device version 1.27 contains a remote code execution issue. Unauthenticated attackers can execute arbitrary commands by sending specially crafted POST requests to the /goform/mp API endpoint. Exploitation involves command injection payloads that allow downloading and executing malicious scripts on the device. The POST request to the /goform/mp endpoint is the attack vector.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.