CVE-2026-9402

6.3 MEDIUM

A vulnerability was found in Edimax BR-6675nD 1.12

Published: 2026-05-24 · Last updated: 2026-05-26

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74, CWE-77

Description

A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argument ateFunc/ateGain/ateRate/ateChan/ateTxCount/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/ateTxFreqOffset/ateMode/ateMacID/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/readE2P/e2pTxPwDeltaN results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

Related CVEs

Same CWE

CVE-2024-24909 — Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin (8.8 HIGH)
CVE-2025-56814 — A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding sh... (7.8 HIGH)
CVE-2026-12223 — A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
CVE-2026-12219 — A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
CVE-2026-12206 — A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)