CVE-2026-9440 | Edimax BR-6478AC 1.23 POST Request /goform/formAccept submit-url command injection

A vulnerability was found in Edimax BR-6478AC 1.23. It has been declared as critical. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection.

This vulnerability is referenced as CVE-2026-9440. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More