CVE-2026-9379 | Edimax BR-6675nD 1.12 POST Request /goform/formWpsStart pinCode command injection

A vulnerability marked as critical has been reported in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argument pinCode causes command injection.

This vulnerability is handled as CVE-2026-9379. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More