{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/edimax/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7684"}],"_cs_exploited":false,"_cs_products":["BR-6428nC (\u003c= 1.16)"],"_cs_severities":["critical"],"_cs_tags":["buffer overflow","cve-2026-7684","webserver"],"_cs_type":"advisory","_cs_vendors":["Edimax"],"content_html":"\u003cp\u003eA buffer overflow vulnerability, tracked as CVE-2026-7684, affects Edimax BR-6428nC devices up to version 1.16. The vulnerability resides in the \u003ccode\u003e/goform/setWAN\u003c/code\u003e file, specifically within the handling of the \u003ccode\u003epptpDfGateway\u003c/code\u003e argument. An unauthenticated attacker can exploit this flaw remotely by sending a crafted request to the device. Publicly available exploit code exists, increasing the risk of widespread exploitation. The vendor was notified but did not respond, suggesting that a patch is unlikely and highlighting the need for mitigation strategies.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an Edimax BR-6428nC device running a vulnerable firmware version (\u0026lt;= 1.16).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/goform/setWAN\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes the \u003ccode\u003epptpDfGateway\u003c/code\u003e parameter with a value exceeding the expected buffer size.\u003c/li\u003e\n\u003cli\u003eThe device processes the request, and the oversized \u003ccode\u003epptpDfGateway\u003c/code\u003e value overflows the buffer, overwriting adjacent memory regions.\u003c/li\u003e\n\u003cli\u003eThe attacker carefully crafts the overflow to overwrite the return address, redirecting execution flow.\u003c/li\u003e\n\u003cli\u003eExecution is redirected to attacker-controlled code injected within the overflowed buffer.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the device, potentially achieving full system control.\u003c/li\u003e\n\u003cli\u003eThe attacker could then use this control to modify device settings, intercept network traffic, or establish a persistent backdoor.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can allow an attacker to gain complete control of the Edimax BR-6428nC device. This could enable the attacker to intercept and modify network traffic, access sensitive information, or use the device as a point of entry for further attacks within the network. Given the public availability of exploit code, the risk of widespread exploitation is significant.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eEdimax_BR_6428nC_Buffer_Overflow_setWAN\u003c/code\u003e to detect suspicious HTTP requests targeting the vulnerable endpoint and parameter.\u003c/li\u003e\n\u003cli\u003eConsider blocking or rate-limiting access to the \u003ccode\u003e/goform/setWAN\u003c/code\u003e endpoint from untrusted networks.\u003c/li\u003e\n\u003cli\u003eSince the vendor is unresponsive and a patch is unlikely, network segmentation and access control policies are the best mitigation options.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-03T07:16:25Z","date_published":"2026-05-03T07:16:25Z","id":"/briefs/2026-05-edimax-br-6428nc-buffer-overflow/","summary":"A remote buffer overflow vulnerability exists in Edimax BR-6428nC devices up to version 1.16 via manipulation of the pptpDfGateway argument in the /goform/setWAN file, potentially allowing for arbitrary code execution.","title":"Edimax BR-6428nC Buffer Overflow Vulnerability (CVE-2026-7684)","url":"https://feed.craftedsignal.io/briefs/2026-05-edimax-br-6428nc-buffer-overflow/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7685"}],"_cs_exploited":false,"_cs_products":["BR-6208AC (\u003c= 1.02)"],"_cs_severities":["critical"],"_cs_tags":["buffer overflow","cve-2026-7685","router","webserver"],"_cs_type":"advisory","_cs_vendors":["Edimax"],"content_html":"\u003cp\u003eA buffer overflow vulnerability, CVE-2026-7685, has been identified in Edimax BR-6208AC routers up to version 1.02. The vulnerability resides within the \u003ccode\u003e/goform/setWAN\u003c/code\u003e file, specifically related to the \u003ccode\u003epptpDfGateway\u003c/code\u003e argument. Successful exploitation of this flaw could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Publicly available exploits exist, increasing the risk of widespread exploitation. The vendor was notified but has not responded. Given the ease of exploitation and the potential for significant impact, this vulnerability poses a critical threat to affected devices.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an Edimax BR-6208AC router with firmware version 1.02 or earlier exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/goform/setWAN\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the POST request, the attacker includes the \u003ccode\u003epptpDfGateway\u003c/code\u003e argument, injecting a payload exceeding the buffer\u0026rsquo;s expected size.\u003c/li\u003e\n\u003cli\u003eThe router\u0026rsquo;s web server processes the malicious request without proper input validation on the size of the \u003ccode\u003epptpDfGateway\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe oversized payload overwrites adjacent memory regions on the stack, potentially including return addresses or other critical data.\u003c/li\u003e\n\u003cli\u003eWhen the function attempts to return, it jumps to an address controlled by the attacker, leading to arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker executes commands to gain control of the device, potentially installing malware or modifying router settings.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to complete compromise of the Edimax BR-6208AC router. An attacker could leverage this access to perform a variety of malicious activities, including eavesdropping on network traffic, injecting malicious code into web pages served by the router, or using the router as a bot in a larger botnet. Given the availability of public exploits, unpatched devices are at immediate risk of compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Edimax BR-6208AC setWAN Buffer Overflow Attempt\u003c/code\u003e to identify exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for POST requests to \u003ccode\u003e/goform/setWAN\u003c/code\u003e containing unusually long \u003ccode\u003epptpDfGateway\u003c/code\u003e parameters, as detected by the Sigma rule \u003ccode\u003eDetect Long pptpDfGateway Parameter\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply appropriate network segmentation to limit the blast radius of compromised devices and prevent lateral movement.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-03T07:16:25Z","date_published":"2026-05-03T07:16:25Z","id":"/briefs/2026-05-edimax-bo/","summary":"A buffer overflow vulnerability exists in Edimax BR-6208AC devices (\u003c= 1.02) via manipulation of the pptpDfGateway argument in the /goform/setWAN endpoint, potentially allowing remote attackers to execute arbitrary code.","title":"Edimax BR-6208AC Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-edimax-bo/"}],"language":"en","title":"CraftedSignal Threat Feed — Edimax","version":"https://jsonfeed.org/version/1.1"}