CVE-2026-7683

🗓️ 03 May 2026 06:30:11Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 23 Views🌐 WEB

Remote command injection in the Edimax BR-6428nC web interface via setWAN fields, with public exploit.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-7683	3 May 202606:30	–	attackerkb
CNNVD	Edimax BR-6428nC 注入漏洞	3 May 202600:00	–	cnnvd
Cvelist	CVE-2026-7683 Edimax BR-6428nC Web setWAN command injection	3 May 202606:30	–	cvelist
EUVD	EUVD-2026-26821	3 May 202606:30	–	euvd
NVD	CVE-2026-7683	3 May 202607:16	–	nvd
Positive Technologies	PT-2026-36687	3 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-7683	4 May 202620:21	–	redhatcve
Vulnrichment	CVE-2026-7683 Edimax BR-6428nC Web setWAN command injection	3 May 202606:30	–	vulnrichment

Vulners

Node

edimax br-6428ncMatch1.0

edimax br-6428ncMatch1.1

edimax br-6428ncMatch1.2

edimax br-6428ncMatch1.3

edimax br-6428ncMatch1.4

edimax br-6428ncMatch1.5

edimax br-6428ncMatch1.6

edimax br-6428ncMatch1.7

edimax br-6428ncMatch1.8

edimax br-6428ncMatch1.9

edimax br-6428ncMatch1.10

edimax br-6428ncMatch1.11

edimax br-6428ncMatch1.12

edimax br-6428ncMatch1.13

edimax br-6428ncMatch1.14

edimax br-6428ncMatch1.15

edimax br-6428ncMatch1.16

[
  {
    "vendor": "Edimax",
    "product": "BR-6428nC",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      },
      {
        "version": "1.1",
        "status": "affected"
      },
      {
        "version": "1.2",
        "status": "affected"
      },
      {
        "version": "1.3",
        "status": "affected"
      },
      {
        "version": "1.4",
        "status": "affected"
      },
      {
        "version": "1.5",
        "status": "affected"
      },
      {
        "version": "1.6",
        "status": "affected"
      },
      {
        "version": "1.7",
        "status": "affected"
      },
      {
        "version": "1.8",
        "status": "affected"
      },
      {
        "version": "1.9",
        "status": "affected"
      },
      {
        "version": "1.10",
        "status": "affected"
      },
      {
        "version": "1.11",
        "status": "affected"
      },
      {
        "version": "1.12",
        "status": "affected"
      },
      {
        "version": "1.13",
        "status": "affected"
      },
      {
        "version": "1.14",
        "status": "affected"
      },
      {
        "version": "1.15",
        "status": "affected"
      },
      {
        "version": "1.16",
        "status": "affected"
      }
    ],
    "modules": [
      "Web Interface"
    ]
  }
]

Source	Link
tzh00203	www.tzh00203.notion.site/Edimax-BR-6428nC-v1-16-setWAN-pptpUserName-Command-Injection-33db5c52018a80949cfbcc2091340c80
vuldb	www.vuldb.com/vuln/360842/cti
vuldb	www.vuldb.com/submit/801598
tzh00203	www.tzh00203.notion.site/Edimax-BR-6428nC-v1-16-setWAN-pppUserName-Command-Injection-33db5c52018a80dab299ef508e810d00
vuldb	www.vuldb.com/submit/801597
vuldb	www.vuldb.com/vuln/360842

Parameter	Position	Path	Description	CWE
pppUserName	request body	/goform/setWAN	Command injection vulnerability in /goform/setWAN allowing remote attacker to execute arbitrary commands by supplying crafted values for pppUserName or pptpUserName.	CWE-74, CWE-77
pptpUserName	request body	/goform/setWAN	Command injection vulnerability in /goform/setWAN allowing remote attacker to execute arbitrary commands by supplying crafted values for pppUserName or pptpUserName.	CWE-74, CWE-77

17 Jun 2026 11:02Current

5.5Medium risk

Vulners AI Score5.5

CVSS 45.3

CVSS 3.16.3

CVSS 26.5

CVSS 36.3

EPSS0.01543

SSVC