External risk intelligence

Edimax Router Remote Code Execution Vulnerability.

CVE advisorySeverity: HIGH (CVSS 7.4)

CVE-2026-10125

A vulnerability affecting a network device's POST Request Handler may allow remote attackers to cause a stack-based buffer overflow by manipulating an argument. Publicly available exploit information suggests a risk to organizations with affected systems. The realistic business risk involves potential compromise of net

4Halo Surface Signal

Memory Corruption

External exposure likelihood

Halo Surface Signal score for CVE-2026-10125

The vulnerability affects the web-based management interface of a network router. Such administrative interfaces are frequently accessible over the network, and when deployed as an edge gateway, these router management portals are often exposed or reachable, making them a common target for network-based access.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in the POST Request Handler component of a network device. Specifically, the function formPPPoESetup within the file /goform/formPPPoESetup is affected. This flaw allows for a stack-based buffer overflow when an argument is manipulated. The issue can be initiated remotely and an exploit is publicly available.

  • Vulnerable function: formPPPoESetup
  • Core weakness: Stack-based buffer overflow
  • Main business impact: Remote code execution

Attack Path

How an attacker could exploit the issue

This vulnerability allows an attacker to remotely gain control of a device. An attacker can exploit this by sending a specially crafted request to the device. Successful exploitation could lead to an attacker taking control of the affected system.

  • Exposure: Device accessible via network.
  • Attacker access: Unauthenticated.
  • Trigger and result: Manipulate username, gain control.

Live Threat

Current exploitation, exposure, and threat context

The identified vulnerability could allow unauthorized individuals to remotely compromise network devices. Successful exploitation could lead to significant disruption and data compromise across affected systems. The availability of public exploit information suggests a heightened risk of active targeting.

  • Likely attacker skill level: Low
  • Required access or conditions: Remote network access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

A vulnerability has been identified that could impact network devices. Attackers can exploit this by remotely manipulating the `pppUserName` argument in the `/goform/formPPPoESetup` component, potentially leading to a stack-based buffer overflow. The exploit for this vulnerability is publicly available, increasing the risk to organizations.

  • Find affected network assets.
  • Reduce exposure or isolate risk.
  • Apply vendor fix, verify, and monitor.

Frequently asked questions

What is the CVE ID and general description of the vulnerability affecting Edimax devices?

The vulnerability is identified as CVE-2026-10125. It affects the Edimax BR-6478AC router, specifically within the POST Request Handler component's `/goform/formPPPoESetup` file. The flaw lies in the manipulation of the `pppUserName` argument, leading to a stack-based buffer overflow.

What is the core weakness and its impact in CVE-2026-10125?

The core weakness is a stack-based buffer overflow (CWE-119, CWE-121). This allows a remote, unauthenticated attacker to manipulate the `pppUserName` argument, potentially leading to remote code execution and complete control over the affected device.

How can an attacker exploit this vulnerability, and what is the scope of the impact?

An attacker can exploit this by sending a specially crafted POST request to the `/goform/formPPPoESetup` endpoint, manipulating the `pppUserName` argument. This can trigger a stack-based buffer overflow. The vulnerability is remotely accessible, and successful exploitation could allow an attacker to gain control of the device.

What is the threat level and relevance of CVE-2026-10125 based on available intelligence?

The vulnerability has a Halo Surface Signal score of 4, indicating it is 'Likely' to be targeted. This is because it affects the web-based management interface of a network router, which is often network-accessible and a common target for attackers. The public availability of exploit information heightens the risk of active targeting.

What are the practical steps to mitigate the risk posed by this Edimax router vulnerability?

To mitigate this risk, organizations should first identify all affected network assets. Then, reduce the exposure of these devices or isolate them from the network. Applying vendor-provided fixes, verifying the successful application of patches, and continuous monitoring are also crucial steps.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified