Lucene search
K

15 matches found

NVD
NVD
added 2026/05/18 2:16 a.m.22 views

CVE-2026-8774

A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public...

6.5CVSS0.01182EPSS
Exploits0References4
OSV
OSV
added 2026/02/05 5:16 p.m.2 views

CVE-2020-37149

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

8.8CVSS5.9AI score0.00289EPSS
Exploits1References3
NVD
NVD
added 2026/02/05 5:16 p.m.10 views

CVE-2020-37149

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

8.8CVSS0.00289EPSS
Exploits1References3
OSV
OSV
added 2026/02/05 5:16 p.m.3 views

CVE-2020-37125

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

9.8CVSS6.6AI score0.06301EPSS
Exploits1References3
NVD
NVD
added 2026/02/05 5:16 p.m.11 views

CVE-2020-37125

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

9.8CVSS0.06301EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/05 4:13 p.m.31 views

CVE-2020-37149 Edimax Technology EW-7438RPn-v3 Mini 1.27 - Cross-Site Request Forgery (CSRF) to Command Execution

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

8.1CVSS0.00289EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/05 4:13 p.m.5 views

EUVD-2020-31040

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

8.1CVSS5.7AI score0.00289EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:13 p.m.4 views

CVE-2020-37149

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

8.1CVSS5.7AI score0.00289EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:13 p.m.3 views

CVE-2020-37125

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

9.8CVSS6.8AI score0.06301EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/05 4:13 p.m.16 views

CVE-2020-37125

The CVE-2020-37125 entry describes a remote code execution vulnerability in Edimax EW-7438RPn-v3 Mini 1.27. Affected component is the device firmware; the root cause is command injection in the /goform/mp endpoint that can be exploited by unauthenticated attackers sending crafted POST requests to...

9.8CVSS6.8AI score0.06301EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/05 4:13 p.m.29 views

CVE-2020-37125 Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

9.8CVSS0.06301EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.12 views

PT-2026-6589

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27 Description The Edimax EW-7438RPn-v3 Mini device version 1.27 is susceptible to a cross-site request forgery CSRF issue. Successful exploitation allows an attacker to execute commands on the device with t...

8.1CVSS5.3AI score0.00289EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.9 views

Edimax EW-7438RPn-v3 Mini 操作系统命令注入漏洞

The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan, China. Version 1.27 of the Edimax EW-7438RPn-v3 Mini has a vulnerability related to operating system command injection. This vulnerability stems from remote command execution at the /goform/mp endpoint,...

9.8CVSS6.1AI score0.06301EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.12 views

PT-2026-6569

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

9.8CVSS6.9AI score0.06301EPSS
Exploits1References4
OSV
OSV
added 2025/06/20 7:15 p.m.6 views

CVE-2025-34024

An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacter...

8.8CVSS6.1AI score0.03859EPSS
Exploits1References4
Rows per page
Query Builder