CVE-2026-9400 | Edimax BR-6675nD 1.12 POST Request /goform/formUSBStorage sub_dir command injection

A vulnerability categorized as critical has been discovered in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection.

This vulnerability is registered as CVE-2026-9400. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More