CVE-2026-36734
Received Received - Intake
Command Injection in EDIMAX BR-6428nS V3

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-36734
EUVD
EUVD-2026-29203
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
edimax br-6428ns_v3 1.15
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the command injection vulnerability in the EDIMAX BR-6428nS V3 router affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-36734 is a command injection vulnerability found in the EDIMAX BR-6428nS V3 router running firmware version 1.15. It occurs in the web-based management interface, specifically within the WLAN configuration functionality. Due to insufficient input validation, an authenticated attacker with network access can submit specially crafted input containing shell metacharacters. This allows the attacker to execute arbitrary system commands on the device with the privileges of the web service.

Impact Analysis

Exploiting this vulnerability can have serious impacts. An attacker could modify device settings, disrupt network operations, or establish persistent access to the router. This means the attacker could potentially control the device, interfere with your network's normal functioning, or maintain long-term unauthorized access.

Detection Guidance

This vulnerability can be detected by monitoring the web-based management interface of the EDIMAX BR-6428nS V3 router for suspicious input containing shell metacharacters submitted to the WLAN configuration functionality.

Since the vulnerability requires authentication and crafted input, detection can involve checking logs for unusual or malformed requests to the WLAN configuration parameters.

Specific commands are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted users only, ensuring strong authentication is in place.

Avoid submitting any untrusted or suspicious input to the WLAN configuration functionality.

Monitor for firmware updates or patches from the vendor to address this command injection vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36734. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart