Edimax EW-7438RPn Mini Wi-Fi Extender Unauthenticated Wi-Fi Password Disclosure Vulnerability

Vulnerability

A vulnerability in the Edimax EW-7438RPn Mini Wi-Fi range extender, specifically in version 1.27, allows unauthenticated attackers to access the /wizard_reboot.asp page in 'unsetup' mode. This access discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of the Wi-Fi password, allowing attackers to gain access to the wireless network.

Reproduction

The vulnerability can be reproduced by sending a GET request to the /wizard_reboot.asp page while the device is in 'unsetup' mode. No authentication is required: accessing the page directly returns the Wi-Fi SSID and security key.
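For detection, the request described above can be looked for in HTTP transaction records captured by a network sensor. The following is an added example, not part of the original advisory: it flags GET requests to /wizard_reboot.asp that carried no credentials and were answered with 200. The tab-separated log format, the sample lines, and the use of a missing Authorization header as the marker for "unauthenticated" are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote
import posixpath

# Endpoint named in the advisory.
TARGET_PATH = "/wizard_reboot.asp"

# Constructed sample records (not real traffic). Assumed tab-separated format:
# timestamp, client IP, device IP, method, URI, status, "auth" or "-" (Authorization header seen)
SAMPLE_LOG = """\
2026-02-05T19:02:11Z\t192.168.2.50\t192.168.2.2\tGET\t/index.asp\t401\t-
2026-02-05T19:02:14Z\t192.168.2.50\t192.168.2.2\tGET\t/wizard_reboot.asp\t200\t-
2026-02-05T19:03:40Z\t192.168.2.77\t192.168.2.2\tGET\t/%77izard_reboot.asp?x=1\t200\t-
2026-02-05T19:05:02Z\t192.168.2.10\t192.168.2.2\tGET\t/wizard_reboot.asp\t200\tauth
2026-02-05T19:06:30Z\t192.168.2.50\t192.168.2.2\tGET\t//Wizard_Reboot.asp\t404\t-
"""

def normalize_path(uri: str) -> str:
    """Drop query/fragment, decode percent-escapes, collapse slashes and dot segments."""
    path = unquote(uri.split("?", 1)[0].split("#", 1)[0])
    # Lowercasing deliberately over-matches in case the device's web server ignores case.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_unauthenticated_reads(log_text: str) -> dict:
    """Return {client_ip: [timestamps]} for credential-less GETs of TARGET_PATH answered with 200."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # skip malformed records rather than guessing at their layout
        ts, client, _device, method, uri, status, auth = fields
        if method.upper() != "GET" or status != "200" or auth != "-":
            continue
        if normalize_path(uri) == TARGET_PATH:
            hits[client].append(ts)
    return dict(hits)

if __name__ == "__main__":
    for client, stamps in find_unauthenticated_reads(SAMPLE_LOG).items():
        print(f"{client}: unauthenticated read of {TARGET_PATH} at {', '.join(stamps)}")
```

Path normalization matters here because a literal string match on the URI would miss the percent-encoded request in the third sample record.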

Added: Feb 5, 2026, 7:41 PM
Updated: Feb 5, 2026, 9:15 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.