CVE-2026-1971
Remote XSS in Edimax BR-6288ACL wiz_WISP24gmanual Function

Publication date: 2026-02-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.
Meta Information
Published: 2026-02-06
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2026-02-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: edimax
Product: br-6288acl_firmware
Version / Range: to 1.12 (inc)
CWE
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1971 is a cross-site scripting (XSS) vulnerability found in the Edimax BR-6288ACL router, specifically in the function wiz_WISP24gmanual within the file wiz_WISP24gmanual.asp.

The vulnerability occurs because the user-controllable input parameter "manualssid" is not properly sanitized or neutralized before being reflected in the web page output.

This allows an attacker to inject malicious JavaScript code that executes in the context of the router’s web interface.

The attack can be launched remotely but requires some user interaction and authentication steps.

The affected product is no longer supported by the vendor, and no known mitigations exist, making replacement with alternative products the recommended action. [1, 2]


How can this vulnerability impact me?

This vulnerability impacts the integrity of the device’s web interface by allowing attackers to inject and execute malicious scripts.

Exploitation can lead to unauthorized actions performed in the context of the user’s browser, potentially resulting in information disclosure or manipulation of router settings.

Since the attack can be launched remotely and requires some user interaction, it poses a risk especially if an attacker can trick a user into accessing a malicious link or page.

Because the product is end-of-life and unsupported, no patches or fixes are available, increasing the risk of exploitation.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if your network contains Edimax BR-6288ACL routers running firmware version up to 1.12 that expose the vulnerable web interface page wiz_WISP24gmanual.asp.

One method to locate potentially vulnerable devices is to use Google dorking with the query: inurl:wiz_WISP24gmanual.asp.

Additionally, you can attempt to access the URL path /wiz_WISP24gmanual.asp on your Edimax BR-6288ACL devices to verify if the vulnerable function is present.

Since the vulnerability involves the manualssid parameter, testing for reflected or stored cross-site scripting by injecting benign script tags or payloads into this parameter via the web interface could help confirm the presence of the vulnerability.
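A defender-side check for the manualssid indicator described above, as an added example that is not part of the original advisory: it scans web proxy logs for requests to wiz_WISP24gmanual.asp whose manualssid value decodes to markup. The log layout, the sample lines and the function names are constructed assumptions; the page does not say whether the parameter is sent by GET or POST, so both the query string and a logged form body are checked.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

PAGE = "/wiz_wisp24gmanual.asp"  # page named in the advisory (compared lowercased)
PARAM = "manualssid"             # parameter named in the advisory
# Characters that let a value break out into HTML; rare in a real SSID.
MARKUP = re.compile(r'[<>"]|javascript:', re.I)
# Assumed log layout: client "METHOD URL PROTO" status "form-body-or-dash"
LINE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) "([^"]*)"$')

# Constructed sample lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 "GET /wiz_WISP24gmanual.asp?manualssid=HomeNet HTTP/1.1" 200 "-"',
    '192.0.2.11 "GET /wiz_WISP24gmanual.asp?manualssid=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 "-"',
    '192.0.2.12 "POST /wiz_WISP24gmanual.asp HTTP/1.1" 200 "manualssid=%253Ci%253Ex&step=2"',
    '192.0.2.13 "GET /index.asp?manualssid=%3Cb%3E HTTP/1.1" 200 "-"',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %253C is still seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, method, decoded value) for each flagged request."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed layout; skip rather than guess
        client, method, url, _status, body = m.groups()
        parts = urlsplit(url)
        if parts.path.lower() != PAGE:
            continue
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if body != "-":
            pairs += parse_qsl(body, keep_blank_values=True)
        for name, value in pairs:
            value = fully_decode(value)
            if name.lower() == PARAM and MARKUP.search(value):
                hits.append((client, method, value))
    return hits
```

An SSID that legitimately contains a quote or angle bracket will also be flagged, so treat hits as leads to review against the device's configured network names.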


What immediate steps should I take to mitigate this vulnerability?

There are no known mitigations or countermeasures available for this vulnerability as the affected product is end-of-life and no longer supported by the vendor.

The recommended immediate step is to replace the Edimax BR-6288ACL router with an alternative, supported product to eliminate the risk.

Until replacement, restrict access to the router’s web interface to trusted networks only and avoid exposing it to the internet to reduce the risk of remote exploitation.

