Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
CVE-2026-10165: Edimax BR-6478AC 1.23: Remote Code Execution via User Input
CVE-2026-10165
Summary
A security flaw in the Edimax BR-6478AC router's configuration tool allows an attacker to potentially execute malicious code on the router from a remote location. This could lead to unauthorized access or disruption of the network. Edimax should be notified to update the firmware and apply patches to fix this issue.
Original title
A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such man...
Original description
A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 31 May 2026 · Updated: 1 Jun 2026 · First seen: 31 May 2026