CVE-2026-9347

Severity: Medium (CVSS v3.1 base score 6.3)
Weakness type: CWE-77 — Improper Neutralization of Special Elements used in a Command ('Command Injection')
Published: May 24, 2026  ·  Modified: May 27, 2026  ·  Source: NVD
📄 Description (English)

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

An OS command injection vulnerability (NVD rating Medium, CVSS 6.3) exists in the web management interface of Edimax EW-7438RPn devices up to firmware 1.31, in the wizard survey handler (formWizSurvey). An attacker who can reach the interface and holds a valid low-privilege login (the vector is PR:L) can run arbitrary commands on the device by supplying shell metacharacters in the ip, mask or gateway parameters. A public exploit has been disclosed, no patch is available, and the vendor did not respond to the reporter, so the exposure must be handled with compensating controls rather than an update.

🤖 AI Intelligence Analysis Analyzed: May 27, 2026 00:00
🇸🇦 Saudi Arabia Impact Assessment
High impact for Saudi organizations using Edimax EW-7438RPn routers in branch offices, retail locations, and SME networks. Primary risk sectors: Banking (branch connectivity), Government agencies (network infrastructure), Healthcare facilities (patient data networks), Telecommunications (ISP/STC partner networks), and Energy sector (ARAMCO subsidiary networks). These routers are commonly deployed in small-to-medium business environments across Saudi Arabia for wireless access point functionality.
🏢 Affected Saudi Sectors
Banking and Financial Services Government and Public Administration Healthcare and Medical Facilities Energy and Utilities (ARAMCO) Telecommunications (STC, Mobily) Retail and E-commerce Small and Medium Enterprises (SMEs) Education Institutions
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Edimax EW-7438RPn devices on your network (nmap service and banner scans of the internal ranges; Shodan or a similar index for anything reachable from the Internet).
2. Isolate affected devices from critical networks, or disable access to the web management interface where it is not needed.
3. Restrict who can reach the management interface at all (firewall it to an administrative subnet or jump host). Blocking only /goform/formWizSurvey is not sufficient: the whole interface is unpatched and any other handler may hold similar flaws.
4. Replace default and shared credentials on every device. Exploitation requires an authenticated session (PR:L), so credential hygiene removes the precondition for this attack.
5. Monitor device logs, and the logs of any firewall or proxy in front of the device, for unusual access to the management interface.

COMPENSATING CONTROLS:
6. Network segmentation: put the management interface on an isolated management VLAN.
7. Disable remote (WAN-side) management; never expose the interface to the Internet.
8. If the device sits behind a reverse proxy or WAF, reject requests to /goform endpoints whose ip, mask or gateway parameters are anything other than a plain dotted-quad IPv4 address. Allow-listing the expected format is more reliable than blocking metacharacters (|, ;, &, $, `, newline), since a blocklist can miss an encoding the device still interprets.
9. Add IDS/IPS signatures for command-injection patterns in HTTP parameters sent to the device.
10. No vendor patch exists and the vendor did not respond to the disclosure; plan to replace the devices with supported hardware.

DETECTION RULES:
- Alert on POST (or GET) requests to /goform/formWizSurvey whose ip, mask or gateway parameter contains backticks, $(), |, ;, &, >, <, or a newline, or is not a valid dotted-quad IPv4 value at all.
- Alert on unexpected child processes of the web server only if the firmware gives you process telemetry; on a consumer device it usually does not, so rely on network-side evidence instead (new outbound connections, DNS lookups or reverse-shell traffic originating from the device).
- Track failed logins and off-hours successful logins to the management interface. Because exploitation needs credentials, a successful login followed by a malformed formWizSurvey request is the sequence to flag.
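The allow-list check from compensating control 8 and the request-level detection rule above, implemented together as an added example (this is not Edimax code and not part of the original advisory). It assumes the parameters arrive as ordinary form fields named ip, mask and gateway on /goform/formWizSurvey, as the NVD description states; the sample requests at the bottom are constructed for illustration, not captured from a real device.

```python
"""Allow-list validation and detection for the ip/mask/gateway parameters
of /goform/formWizSurvey (CVE-2026-9347). Added example, not vendor code."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/formWizSurvey"
WATCHED_PARAMS = ("ip", "mask", "gateway")
# Metacharacters named in the advisory's detection rule, plus CR/LF.
SHELL_META = re.compile(r"[`$|;&<>\r\n]")
# The only shape the firmware should ever accept for these fields.
DOTTED_QUAD = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def is_valid_ipv4(value: str) -> bool:
    """Strict dotted-quad IPv4: no whitespace, no trailing data, octets 0-255."""
    if not DOTTED_QUAD.fullmatch(value):
        return False
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def is_valid_netmask(value: str) -> bool:
    """Dotted-quad and contiguous (255.0.255.0 and host masks such as 0.0.0.255 are rejected)."""
    if not is_valid_ipv4(value):
        return False
    try:
        net = ipaddress.IPv4Network(f"0.0.0.0/{value}", strict=False)
    except ValueError:
        return False
    # ipaddress also accepts host masks; insist on a real netmask.
    return str(net.netmask) == value


VALIDATORS = {"ip": is_valid_ipv4, "mask": is_valid_netmask, "gateway": is_valid_ipv4}


def inspect_request(method: str, target: str, body: str = "") -> dict:
    """Classify one HTTP request.

    verdict  'allow'  - not the watched endpoint, or every watched field is a clean IPv4 value
             'block'  - a watched field fails the allow-list ('reasons' says which)
    metachar names of failing fields that also carry shell metacharacters, i.e. the
             subset worth an immediate command-injection alert rather than a malformed-input log
    """
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return {"verdict": "allow", "reasons": [], "metachar": []}
    # Fields may arrive in the query string (GET) or the form body (POST).
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        params.update(parse_qs(body, keep_blank_values=True))
    reasons, metachar = [], []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if not VALIDATORS[name](value):
                reasons.append(f"{name}={value!r} is not a valid IPv4 value")
                if SHELL_META.search(value):
                    metachar.append(name)
    return {"verdict": "block" if reasons else "allow",
            "reasons": reasons, "metachar": metachar}


# Constructed traffic for illustration (metacharacters are URL-encoded as a browser would send them).
SAMPLE_REQUESTS = [
    ("POST", TARGET_PATH, "ip=192.168.2.50&mask=255.255.255.0&gateway=192.168.2.1"),
    ("POST", TARGET_PATH, "ip=192.168.2.50&mask=255.255.255.0&gateway=192.168.2.1%3Breboot"),
    ("POST", TARGET_PATH, "ip=%24(id)&mask=255.255.255.0&gateway=192.168.2.1"),
    ("POST", TARGET_PATH, "ip=192.168.2.50&mask=255.0.255.0&gateway=192.168.2.1"),
    ("GET", TARGET_PATH + "?ip=1.2.3.4%0Areboot&mask=255.255.255.0&gateway=1.2.3.1", ""),
    ("GET", "/index.asp", ""),
]


def run_samples() -> list:
    """Verdict for each sample request, in order."""
    return [inspect_request(*req)["verdict"] for req in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, result in zip(SAMPLE_REQUESTS, (inspect_request(*r) for r in SAMPLE_REQUESTS)):
        print(result["verdict"], req[0], req[1], req[2], result["reasons"], result["metachar"])
```

The fourth sample (a non-contiguous mask) is blocked without a metacharacter alert: it would break the device but is not an injection attempt, which is why the allow-list result and the metacharacter flag are reported separately. The same two functions can sit in a proxy's request filter (block on verdict) and in a log pipeline (alert on metachar).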
🔧 Remediation Steps (translated from Arabic)
IMMEDIATE ACTIONS:
1. Identify all Edimax EW-7438RPn devices on your network using scanning tools
2. Isolate affected devices from critical networks or disable the web management interface
3. Restrict access to the /goform/formWizSurvey endpoint via firewall rules
4. Change default credentials on all devices immediately
5. Monitor device logs for suspicious activity

COMPENSATING CONTROLS:
6. Implement network segmentation: place the devices on an isolated management VLAN
7. Disable remote management features if not required
8. Deploy WAF rules to block requests containing shell characters
9. Implement IDS/IPS signatures to detect command-injection patterns
10. Consider replacing affected devices with alternatives from other vendors
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
The identifiers listed for this control set (A.5.1.1, A.8.1.1, A.8.2.1, A.12.2.1, A.12.6.1) are ISO/IEC 27001:2013 Annex A numbers, not ECC control numbers. The topics they stand for, information security policies, user access management, change management and technical vulnerability management, correspond to the ECC's identity and access management, change management and vulnerability management requirements.
🔵 SAMA CSF
The mapping uses NIST CSF 1.1 subcategory identifiers: ID.AM-2 (software platforms and applications are inventoried), PR.AC-1 (identities and credentials are issued and managed; directly relevant because exploitation requires a valid login), DE.CM-8 (vulnerability scans are performed). PR.PT-2 (removable media) does not apply to this issue.
🟡 ISO/IEC 27001
A.12.6.1 Management of technical vulnerabilities (2013 numbering; A.8.8 in the 2022 edition) · A.14.2.1 Secure development policy (A.8.25 in 2022) · A.8.1.1 Inventory of assets (A.5.9 in 2022; the 2013 "user access management" controls are under A.9.2) · A.13.1.1 Network controls (A.8.20 in 2022)
🟣 PCI DSS v4.0.1
Requirement 6.3.3 - Security patches are installed (Requirement 6.2 in v3.2.1) · Requirement 11.3.1 - Internal vulnerability scans are performed (11.2 in v3.2.1) · Requirement 2.2.2 - Vendor default accounts are managed and defaults changed (2.1 in v3.2.1)
📊 CVSS Score
6.3
/ 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: Low (C:L)
Integrity: Low (I:L)
Availability: Low (A:L)
📋 Quick Facts
Severity Medium
CVSS Score6.3
CWECWE-77
EPSS0.86%
Exploit: public exploit disclosed per the NVD description (feed flag reads No; not an indicator of observed in-the-wild exploitation)
Patch ✗ No
Published 2026-05-24
Source Feed nvd
🇸🇦 Saudi Risk Score
8.2
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-77