Edimax EW-7438RPn Stack-Based Buffer Overflow Vulnerability in formLogout Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Edimax EW-7438RPn range extender, specifically in version 1.31. The issue arises in the formLogout function within the file /goform/formLogout, where the submit-url parameter is not properly validated. This lack of input sanitization allows remote attackers to supply a submit-url argument that overflows a stack buffer and overwrites the function's return address. The vulnerability has been publicly disclosed and can be exploited remotely.
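
The kind of length check whose absence is described above, sketched in C as an added example; it is not code from the Edimax firmware or from the advisory. The names get_submit_url and form_value and the 128-byte SUBMIT_URL_MAX limit are assumptions, since the page does not give the real buffer size.

```c
#include <stdio.h>
#include <string.h>

#define SUBMIT_URL_MAX 128 /* assumed limit; real buffer size is not on the page */

/* Find `name` in an application/x-www-form-urlencoded body.
   Returns a pointer to its raw value and stores the value length, or NULL. */
static const char *form_value(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t flen = end ? (size_t)(end - p) : strlen(p);
        /* whole key must match, so "xsubmit-url" or "submit-urlx" do not count */
        if (flen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *len = flen - nlen - 1;
            return p + nlen + 1;
        }
        p = end ? end + 1 : NULL;
    }
    return NULL;
}

/* Bounded copy of submit-url: 0 on success, -1 if absent, -2 if too long.
   An unchecked strcpy/sprintf into a fixed stack buffer is the pattern
   this replaces; oversized input is rejected, not truncated. */
int get_submit_url(const char *body, char *out, size_t out_sz)
{
    size_t len;
    const char *v = form_value(body, "submit-url", &len);
    if (v == NULL)
        return -1;
    if (out_sz == 0 || len >= out_sz)
        return -2; /* no room for value plus terminating NUL */
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char url[SUBMIT_URL_MAX];
    char big[600] = "submit-url=";          /* constructed oversized body */
    memset(big + 11, 'A', 500);
    printf("normal: %d\n", get_submit_url("a=1&submit-url=/index.asp", url, sizeof url));
    printf("oversized: %d\n", get_submit_url(big, url, sizeof url));
    return 0;
}
```

The check runs on the raw, still-encoded value; percent-decoding never lengthens a string, so a value that passes here also fits after decoding in place.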

Impact

Exploitation of this vulnerability causes the device to crash, disrupting its normal functioning and service availability.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/formLogout endpoint with an excessively long submit-url parameter. This oversized input will overflow the stack, overwrite the return address, and cause the device to crash, as demonstrated in the published proof of concept.

Added: May 26, 2026, 6:52 PM
Updated: May 26, 2026, 6:52 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.2
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.