Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
CVE-2026-9401: Edimax BR-6675nD 1.12: Remote Code Execution via Unsecured Function
CVE-2026-9401
Summary
A security issue in the Edimax BR-6675nD 1.12 router allows an attacker to execute malicious code remotely by manipulating a specific setting. This could potentially allow unauthorized access to the router and the network it connects to. It is recommended to update to a patched version of the router software as soon as possible.
Original title
A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of ...
Original description
A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
Published: 24 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026