Edimax EW-7438RPn Stack-Based Buffer Overflow Vulnerability in WPS Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Edimax EW-7438RPn Wi-Fi range extender, affecting versions through 1.31. The issue arises in the 'webs' component, specifically within the 'formWpsStart' function. The vulnerability can be exploited remotely by manipulating the 'pinCode' and 'wlan-url' parameters, leading to a crash of the device and potential arbitrary code execution.

Impact

Exploitation of this vulnerability causes the device to crash, disrupting its normal functioning and service availability. Because the overflow is stack-based, arbitrary code execution is also a potential risk.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/formWpsStart' with an excessively long 'wlan-url' parameter. The oversized value overflows a stack buffer in 'formWpsStart', which crashes the device.
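A defensive check for the request shape described above, as an added example that is not part of the original advisory or of Edimax's firmware: it inspects a raw HTTP request, as a filtering proxy or capture-review script would, and flags POSTs to '/goform/formWpsStart' whose 'pinCode' or 'wlan-url' values are longer than a chosen ceiling. The length limits, the helper names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

WPS_PATH = "/goform/formWpsStart"            # endpoint named in the advisory
# Assumed ceilings (not from the advisory): a WPS PIN is 8 digits; the
# wlan-url limit is a hypothetical value to tune for your deployment.
MAX_LEN = {"pinCode": 8, "wlan-url": 128}

def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP/1.x request (empty list = not flagged)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return []                             # not a parseable request line
    method, target, _version = parts
    url = urlsplit(target)
    if method.upper() != "POST" or url.path != WPS_PATH:
        return []
    # Form fields may arrive in the query string or the urlencoded body.
    # parse_qs percent-decodes, so lengths are measured on the decoded
    # value, which is what a form handler would copy.
    fields = parse_qs(url.query, keep_blank_values=True)
    for name, values in parse_qs(body.decode("latin-1"),
                                 keep_blank_values=True).items():
        fields.setdefault(name, []).extend(values)
    findings = []
    for name, limit in MAX_LEN.items():
        for value in fields.get(name, []):
            if len(value) > limit:
                findings.append(f"{name}: length {len(value)} exceeds {limit}")
    return findings

def _post(body: str) -> bytes:
    """Build a constructed sample request (host address is a placeholder)."""
    return (f"POST {WPS_PATH} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed samples: one ordinary submission, one with an oversized wlan-url.
NORMAL = _post("pinCode=12345670&wlan-url=%2Fstatus.asp")
OVERSIZED = _post("pinCode=12345670&wlan-url=" + "A" * 600)

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, inspect_request(req) or "ok")
```

Because the advisory reports no remediation, a check like this only narrows exposure; restricting access to the device's management interface remains the primary control.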

Added: May 26, 2026, 9:07 PM
Updated: May 26, 2026, 9:07 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.2
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.