Edimax: community verdicts
12 notable / known-exploited Edimax CVEs the community has triaged.
- CVE-2025-1316CRIT 9.8KEVEPSS 72%
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
- CVE-2024-48419HIGH 8.8EPSS 5%
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges.
- CVE-2025-22905CRIT 9.8Real · low riskEPSS 4%
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.
- CVE-2025-22906CRIT 9.8Real · low riskEPSS 2%
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.
- CVE-2025-22912CRIT 9.8Real · low riskEPSS 2%
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
- CVE-2025-22907CRIT 9.8Real · low riskEPSS 1%
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.
- CVE-2025-22916CRIT 9.8Real · low riskEPSS 1%
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.
- CVE-2025-22904CRIT 9.8Real · low riskEPSS 1%
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.
- CVE-2024-48420HIGH 8.8Real · low riskEPSS 0%
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.
- CVE-2024-48416HIGH 8.8Real · low riskEPSS 0%
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.
- CVE-2024-48418HIGH 8.8Real · low riskEPSS 0%
In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.
- CVE-2024-48417MED 5.2EPSS 0%
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.