CVE-2026-1971
Unknown Unknown - Not Provided
Remote XSS in Edimax BR-6288ACL wiz_WISP24gmanual Function

Publication date: 2026-02-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1971
EUVD
EUVD-2026-5607
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
edimax br-6288acl_firmware to 1.12 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-1971 is a cross-site scripting (XSS) vulnerability found in the Edimax BR-6288ACL router, specifically in the function wiz_WISP24gmanual within the file wiz_WISP24gmanual.asp.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the user-controllable input parameter "manualssid" is not properly sanitized or neutralized before being reflected in the web page output.'}, {'type': 'paragraph', 'content': 'This allows an attacker to inject malicious JavaScript code that executes in the context of the router’s web interface.'}, {'type': 'paragraph', 'content': 'The attack can be launched remotely but requires some user interaction and authentication steps.'}, {'type': 'paragraph', 'content': 'The affected product is no longer supported by the vendor, and no known mitigations exist, making replacement with alternative products the recommended action.'}] [1, 2]

Impact Analysis

This vulnerability impacts the integrity of the device’s web interface by allowing attackers to inject and execute malicious scripts.

Exploitation can lead to unauthorized actions performed in the context of the user’s browser, potentially resulting in information disclosure or manipulation of router settings.

Since the attack can be launched remotely and requires some user interaction, it poses a risk especially if an attacker can trick a user into accessing a malicious link or page.

Because the product is end-of-life and unsupported, no patches or fixes are available, increasing the risk of exploitation.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if your network contains Edimax BR-6288ACL routers running firmware version up to 1.12 that expose the vulnerable web interface page wiz_WISP24gmanual.asp.

One method to locate potentially vulnerable devices is to use Google dorking with the query: inurl:wiz_WISP24gmanual.asp.

Additionally, you can attempt to access the URL path /wiz_WISP24gmanual.asp on your Edimax BR-6288ACL devices to verify if the vulnerable function is present.

Since the vulnerability involves the manualssid parameter, testing for reflected or stored cross-site scripting by injecting benign script tags or payloads into this parameter via the web interface could help confirm the presence of the vulnerability.

Mitigation Strategies

There are no known mitigations or countermeasures available for this vulnerability as the affected product is end-of-life and no longer supported by the vendor.

The recommended immediate step is to replace the Edimax BR-6288ACL router with an alternative, supported product to eliminate the risk.

Until replacement, restrict access to the router’s web interface to trusted networks only and avoid exposing it to the internet to reduce the risk of remote exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1971. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart