CVE-2026-9380

Edimax BR-6675nD POST Request formL2TPSetup buffer overflow

CVSS 8.7 HIGHEPSS 0.4%CWE-119 CWE-120

Vexday Risk Score

41Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 8.7EPSS 0.4%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

24 may 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Productos afectados

Edimax · BR-6675nD

PoCs públicas encontradas — 1

cve_referencelavender-bicycle-a5a.notion.site/EDIMAX-BR-6675nD-formL2TPSetup-34b53a41781f805abdfbdcbe930ad70a?source=copy_linkno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lavender-bicycle-a5a.notion.site/EDIMAX-BR-6675nD-formL2TPSetup-34b53a41781f805abdfbdcbe930ad70a?source=copy_link https://vuldb.com/submit/811558 https://vuldb.com/vuln/365343 https://vuldb.com/vuln/365343/cti