Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
CVE-2026-9380: Edimax BR-6675nD Router: Remote Attack via L2TP Configuration
CVE-2026-9380
Summary
A security flaw in the Edimax BR-6675nD router's configuration feature allows an attacker to remotely take control of the device. This can happen if an attacker sends a specially crafted message to the router. Edimax has not yet responded to the vulnerability disclosure, so users should be cautious and consider updating the router or seeking assistance from the manufacturer.
Original title
A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulatio...
Original description
A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
Published: 24 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026