CVE-2020-37150

High CVSS: 8.7

Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.

Vendor

Edimax

Product

Ew-7438rpn Mini Firmware

CWE

CWE-201

Yayın Tarihi

2026-02-05 17:16:10

Güncelleme

2026-02-18 17:57:00

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-201 Ew-7438rpn Mini Firmware HIGH Edimax 2026

Referanslar

https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ https://www.exploit-db.com/exploits/48318 https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-unauthorized-access-wi-fi-password-disclosure

Benzer Kayıtlar

Critical

CVE-2026-32841

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthent…

High

CVE-2026-32842

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows att…

High

CVE-2026-32838

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implemen…

Medium

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remot…

Medium

CVE-2026-32840

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_na…

Medium

CVE-2026-1972

A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Perform…