الثغرات ›

CVE-2026-9347

متوسط

CWE-77 — نوع الضعف

                    نُشر: May 24, 2026                      ·  آخر تحديث: May 27, 2026                      ·  المصدر: NVD                

CVSS v3

6.3

🔗 NVD الرسمي

📄 الوصف (الإنجليزية)

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 ملخص AI

A critical OS command injection vulnerability exists in Edimax EW-7438RPn wireless routers (up to v1.31) affecting the web interface's wizard survey function. Attackers can remotely execute arbitrary commands by manipulating IP configuration parameters. With no patch available and public exploit disclosure, this poses immediate risk to organizations using these devices for network access.

📄 الوصف (العربية)

🤖 التحليل الذكي آخر تحليل: May 27, 2026 00:00

🇸🇦 التأثير على المملكة العربية السعودية

High impact for Saudi organizations using Edimax EW-7438RPn routers in branch offices, retail locations, and SME networks. Primary risk sectors: Banking (branch connectivity), Government agencies (network infrastructure), Healthcare facilities (patient data networks), Telecommunications (ISP/STC partner networks), and Energy sector (ARAMCO subsidiary networks). These routers are commonly deployed in small-to-medium business environments across Saudi Arabia for wireless access point functionality.

🏢 القطاعات السعودية المتأثرة

Banking and Financial Services Government and Public Administration Healthcare and Medical Facilities Energy and Utilities (ARAMCO) Telecommunications (STC, Mobily) Retail and E-commerce Small and Medium Enterprises (SMEs) Education Institutions

🎯 تقنيات MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1078 - Valid Accounts T1021 - Remote Service Session Initiation T1133 - External Remote Services T1548 - Abuse Elevation Control Mechanism

⚖️ درجة المخاطر السعودية (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Edimax EW-7438RPn devices in your network using network scanning tools (nmap, Shodan)

2. Isolate affected devices from critical networks or disable web management interface access

3. Restrict access to /goform/formWizSurvey endpoint via firewall rules (block port 80/443 to device management)

4. Change default credentials on all devices immediately

5. Monitor device logs for suspicious access patterns



COMPENSATING CONTROLS:

6. Implement network segmentation - place routers on isolated management VLAN

7. Disable remote management features if not required

8. Deploy WAF rules to block requests containing shell metacharacters (|, ;, &, $, `, \n) to /goform endpoints

9. Implement IDS/IPS signatures detecting command injection patterns in HTTP parameters

10. Consider replacing affected devices with patched alternatives from other vendors



DETECTION RULES:

- Monitor HTTP POST requests to /goform/formWizSurvey with parameters containing: backticks, $(), |, ;, &, >, <

- Alert on any successful command execution from web interface processes

- Track failed authentication attempts to device management interface

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة Edimax EW-7438RPn في شبكتك باستخدام أدوات المسح

2. عزل الأجهزة المتأثرة عن الشبكات الحرجة أو تعطيل واجهة إدارة الويب

3. تقييد الوصول إلى نقطة النهاية /goform/formWizSurvey عبر قواعد جدار الحماية

4. تغيير بيانات اعتماد افتراضية على جميع الأجهزة فوراً

5. مراقبة سجلات الجهاز للأنشطة المريبة



الضوابط التعويضية:

6. تنفيذ تقسيم الشبكة - ضع أجهزة التوجيه على VLAN إدارة معزول

7. تعطيل ميزات الإدارة البعيدة إن لم تكن مطلوبة

8. نشر قواعد WAF لحجب الطلبات التي تحتوي على أحرف shell

9. تنفيذ توقيعات IDS/IPS للكشف عن أنماط حقن الأوامر

10. النظر في استبدال الأجهزة المتأثرة بأجهزة بديلة من بائعين آخرين

📋 خريطة الامتثال التنظيمي

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.8.1.1 - User access management A.8.2.1 - User registration and de-registration A.12.2.1 - Change management procedures A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

ID.AM-2 - Software platforms and applications are inventoried PR.AC-1 - Identities and credentials are issued and managed PR.PT-2 - Removable media is protected and its use restricted DE.CM-8 - Vulnerability scans are performed

🟡 ISO 27001:2022

A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development policy A.8.1.1 - User access management A.13.1.1 - Network security perimeter

🟣 PCI DSS v4.0.1

Requirement 6.2 - Ensure security patches are installed Requirement 11.2 - Run automated vulnerability scans Requirement 2.1 - Always change vendor-supplied defaults

🔗 المراجع والمصادر 5

🔗

https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_5/5.md

cna@vuldb.com

🔗

https://vuldb.com/submit/811543

cna@vuldb.com

🔗

https://vuldb.com/submit/813889

cna@vuldb.com

🔗

https://vuldb.com/vuln/365310

cna@vuldb.com

🔗

https://vuldb.com/vuln/365310/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — متوسط

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 حقائق سريعة

الخطورة متوسط

CVSS Score6.3

CWECWE-77

EPSS0.86%

اختراق متاح لا

تصحيح متاح ✗ لا

تاريخ النشر 2026-05-24

المصدر nvd

المشاهدات 2

🇸🇦 درجة المخاطر السعودية

8.2

/ 10.0 — مخاطر السعودية

أولوية: CRITICAL

🏷️ الوسوم

CWE-77

⚡ إجراءات

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-9347

عرّفنا بنفسك

تسجيل الدخول مطلوب