CVE-2025-34024

Critical CVSS: 9.4

An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.

Vendor

Edimax

Product

Ew-7438rpn Mini Firmware

CWE

CWE-78

Yayın Tarihi

2025-06-20 19:15:37

Güncelleme

2025-11-20 22:15:55

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Ew-7438rpn Mini Firmware CRITICAL Edimax 2025

Referanslar

https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163 https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ https://www.exploit-db.com/exploits/48377

Benzer Kayıtlar

Critical

CVE-2026-32841

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthent…

High

CVE-2026-32842

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows att…

High

CVE-2026-32838

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implemen…

Medium

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remot…

Medium

CVE-2026-32840

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_na…

Medium

CVE-2026-1972

A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Perform…