CVE-2026-36734
Command Injection in EDIMAX BR-6428nS V3
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edimax | br-6428ns_v3 | 1.15 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the command injection vulnerability in the EDIMAX BR-6428nS V3 router affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-36734 is a command injection vulnerability found in the EDIMAX BR-6428nS V3 router running firmware version 1.15. It occurs in the web-based management interface, specifically within the WLAN configuration functionality. Due to insufficient input validation, an authenticated attacker with network access can submit specially crafted input containing shell metacharacters. This allows the attacker to execute arbitrary system commands on the device with the privileges of the web service.
How can this vulnerability impact me? :
Exploiting this vulnerability can have serious impacts. An attacker could modify device settings, disrupt network operations, or establish persistent access to the router. This means the attacker could potentially control the device, interfere with your network's normal functioning, or maintain long-term unauthorized access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the web-based management interface of the EDIMAX BR-6428nS V3 router for suspicious input containing shell metacharacters submitted to the WLAN configuration functionality.
Since the vulnerability requires authentication and crafted input, detection can involve checking logs for unusual or malformed requests to the WLAN configuration parameters.
Specific commands are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the router's web management interface to trusted users only, ensuring strong authentication is in place.
Avoid submitting any untrusted or suspicious input to the WLAN configuration functionality.
Monitor for firmware updates or patches from the vendor to address this command injection vulnerability.