CVE-2026-9343 | Edimax EW-7438RPn up to 1.31 webs /goform/formWpsStart pinCode os command injection

A vulnerability has been found in Edimax EW-7438RPn up to 1.31 and classified as critical. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection.

This vulnerability is registered as CVE-2026-9343. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More