Edimax EW-7438RPn Mini Cross-Site Request Forgery Vulnerability Leading to Remote Code Execution

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Edimax EW-7438RPn Mini Wi-Fi range extender, specifically in version 1.27. This vulnerability allows an attacker to trick an authenticated user into submitting a crafted form to the '/goform/mp' endpoint. As a result, arbitrary commands can be executed on the device with the user's privileges.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device, executed with the privileges of the user who was tricked into submitting the crafted form.

Reproduction

To reproduce this vulnerability, an attacker must exploit the CSRF flaw by convincing an authenticated user to submit a form that includes a command payload. This form should be directed to the '/goform/mp' endpoint. Once the form is submitted, the command will be executed on the device with the user's privileges.
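
For defenders, one way to spot this pattern in captured browser or proxy traffic is to flag requests to '/goform/mp' whose Origin or Referer header does not belong to the extender itself. The sketch below is an added example, not code from Edimax or from this advisory; the record layout, the device address 192.168.9.2 and all sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit

ENDPOINT = "/goform/mp"  # endpoint named in the advisory


def source_host(headers):
    """Host of the Origin header (preferred) or the Referer header, else None."""
    for name in ("origin", "referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).hostname
    return None


def classify(request, device_hosts):
    """Return 'ignore', 'same-site', 'cross-site' or 'no-source' for one record."""
    if urlsplit(request["url"]).path.rstrip("/") != ENDPOINT:
        return "ignore"
    headers = {k.lower(): v for k, v in request["headers"].items()}
    if headers.get("origin") == "null":
        return "cross-site"  # opaque origin, e.g. a sandboxed frame
    host = source_host(headers)
    if host is None:
        return "no-source"  # cannot prove the request came from the device UI
    return "same-site" if host.lower() in device_hosts else "cross-site"


def suspicious(requests, device_hosts):
    """Indexes of records that reach the endpoint without a same-site source."""
    return [i for i, r in enumerate(requests)
            if classify(r, device_hosts) in ("cross-site", "no-source")]


# Constructed sample records (assumed layout: request URL plus header dict).
DEVICE_HOSTS = {"192.168.9.2"}
SAMPLE = [
    {"url": "http://192.168.9.2/goform/mp",
     "headers": {"Origin": "http://192.168.9.2"}},
    {"url": "http://192.168.9.2/goform/mp",
     "headers": {"Origin": "https://forum.example",
                 "Referer": "https://forum.example/thread/1"}},
    {"url": "http://192.168.9.2/goform/mp", "headers": {"Origin": "null"}},
    {"url": "http://192.168.9.2/goform/mp", "headers": {}},
    {"url": "http://192.168.9.2/status",
     "headers": {"Referer": "https://forum.example/"}},
]

if __name__ == "__main__":
    for i in suspicious(SAMPLE, DEVICE_HOSTS):
        print(i, classify(SAMPLE[i], DEVICE_HOSTS), SAMPLE[i]["headers"])
```

Requests with no Origin or Referer are reported separately as 'no-source' because some clients strip those headers, so they need review, not automatic blocking.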

Added: Feb 5, 2026, 6:06 PM
Updated: Feb 5, 2026, 9:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 7.5
exploitability: 7.2
remediation: 7.7
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.