CVE-2026-7683
Command Injection in Edimax BR-6428nC Web Interface
Publication date: 2026-05-03
Last updated on: 2026-05-05
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edimax | br-6428nc | to 1.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Edimax BR-6428nC device up to version 1.16. It involves a weakness in the web interface component, specifically in the /goform/setWAN file. The vulnerability allows an attacker to manipulate the pppUserName or pptpUserName arguments to perform command injection. This means an attacker can remotely execute arbitrary commands on the device.
How can this vulnerability impact me? :
The vulnerability can be exploited remotely to inject commands into the device, potentially allowing an attacker to take control of the affected device. This could lead to unauthorized access, disruption of network services, or further attacks within the network where the device is deployed.