CVE-2026-9442
Deferred Deferred - Pending Action
Buffer Overflow in Edimax BR-6478AC Router

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: VulDB

Description
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9442
EUVD
EUVD-2026-31653
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
edimax br-6478ac 1.23
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Edimax BR-6478AC device, specifically in the function formiNICSiteSurvey within the POST Request Handler component. It involves a weakness where manipulating the argument selSSID can cause a buffer overflow. This means that an attacker can send specially crafted data remotely to overflow the buffer, potentially leading to unexpected behavior or control over the device.

Impact Analysis

The vulnerability can be exploited remotely to cause a buffer overflow, which may allow an attacker to execute arbitrary code or disrupt the normal operation of the device. This could lead to unauthorized access, data compromise, or denial of service on the affected device.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9442. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart