Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
CVE-2026-10163: Edimax BR-6478AC 1.23: Malicious code can be injected through login credentials
CVE-2026-10163
Summary
A security issue has been found in the Edimax BR-6478AC router, version 1.23. This issue allows an attacker to inject malicious code into the router by manipulating the username and password fields. We recommend that users update to the latest version of the router software to protect against potential attacks.
Original title
A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of...
Original description
A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
Published: 31 May 2026 · Updated: 1 Jun 2026 · First seen: 31 May 2026