CVE-2026-36734
Deferred Deferred - Pending Action

Command Injection in EDIMAX BR-6428nS V3

Vulnerability report for CVE-2026-36734, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-11

Last updated on: 2026-07-05

Assigner: MITRE

Description

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-11
Last Modified
2026-07-05
Generated
2026-07-11
AI Q&A
2026-05-11
EPSS Evaluated
2026-07-10
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
edimax br-6428ns_v3 1.15

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-36734 is a command injection vulnerability found in the EDIMAX BR-6428nS V3 router running firmware version 1.15. It occurs in the web-based management interface, specifically within the WLAN configuration functionality. Due to insufficient input validation, an authenticated attacker with network access can submit specially crafted input containing shell metacharacters. This allows the attacker to execute arbitrary system commands on the device with the privileges of the web service.

Impact Analysis

Exploiting this vulnerability can have serious impacts. An attacker could modify device settings, disrupt network operations, or establish persistent access to the router. This means the attacker could potentially control the device, interfere with your network's normal functioning, or maintain long-term unauthorized access.

Detection Guidance

This vulnerability can be detected by monitoring the web-based management interface of the EDIMAX BR-6428nS V3 router for suspicious input containing shell metacharacters submitted to the WLAN configuration functionality.

Since the vulnerability requires authentication and crafted input, detection can involve checking logs for unusual or malformed requests to the WLAN configuration parameters.

Specific commands are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted users only, ensuring strong authentication is in place.

Avoid submitting any untrusted or suspicious input to the WLAN configuration functionality.

Monitor for firmware updates or patches from the vendor to address this command injection vulnerability.

Compliance Impact

The provided information does not specify how the command injection vulnerability in the EDIMAX BR-6428nS V3 router affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36734. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart