Edimax BR-6478AC Buffer Overflow (CVE-2026-10163) Publicly Disclosed

A critical buffer overflow vulnerability, identified as CVE-2026-10163, has been discovered in Edimax BR-6478AC routers, specifically version 1.23. The National Vulnerability Database (NVD) reports this flaw affects the formUSBAccount function within the /goform/formUSBAccount POST Request Handler component.

Manipulation of the UserName and Password arguments can trigger the buffer overflow, leading to remote exploitation. The NVD assesses this vulnerability with a CVSSv3.1 score of 8.8 (High), highlighting its severe impact. Public disclosure of the exploit means defenders should assume active exploitation is imminent or already underway.

This is a textbook example of why robust input validation is non-negotiable, especially in network infrastructure devices. Attackers will leverage this flaw to gain remote code execution, pivot into internal networks, or disrupt operations. The barrier to entry for exploitation is now effectively zero for anyone with basic scripting knowledge.

What This Means For You

  • If your organization uses Edimax BR-6478AC routers, particularly version 1.23, you need to identify these devices immediately. Check for any available firmware updates from Edimax that address CVE-2026-10163. If no patch is available, isolate these devices from public internet access or consider replacement. This is a remote, unauthenticated vulnerability with public exploit code; it's a matter of when, not if, you'll be targeted.

🛡️ Detection Rules

critical T1190 Initial Access

CVE-2026-10163 - Edimax BR-6478AC formUSBAccount Buffer Overflow

Sigma YAML — free preview
title: CVE-2026-10163 - Edimax BR-6478AC formUSBAccount Buffer Overflow
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit the CVE-2026-10163 vulnerability in Edimax BR-6478AC routers by targeting the /goform/formUSBAccount endpoint via a POST request. This is the primary indicator of exploitation for this specific buffer overflow vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10163/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|endswith:
      - '/goform/formUSBAccount'
    # A plain field value is an exact match in Sigma; no modifier is needed.
    cs-method:
      - 'POST'
  condition: selection
falsepositives:
  - Legitimate administrative activity
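
The rule's selection applied to W3C extended log lines, as an added example (not part of the original page or of the SCW rule set). The log lines, IP addresses and function names are constructed for illustration. It also matches on the path alone, because cs-uri in W3C extended logs carries the query string, so an endswith test on the raw field skips entries that have one.

```python
from urllib.parse import urlsplit

TARGET = "/goform/formusbaccount"  # endpoint named in the rule, lower-cased

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri sc-status
2026-05-31 08:01:10 192.0.2.10 POST /goform/formUSBAccount 200
2026-05-31 08:01:12 192.0.2.10 GET /goform/formUSBAccount 200
2026-05-31 08:01:15 198.51.100.7 POST /goform/formUSBAccount?x=1 200
2026-05-31 08:01:19 198.51.100.7 POST /goform/formUSBAccount 200
2026-05-31 08:01:25 203.0.113.5 POST /index.html 200
"""

def parse_w3c(text):
    """Yield one dict per entry, taking column names from the #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def strict_match(event):
    """The selection as written: raw cs-uri ends with the path, method is POST."""
    # Sigma string comparisons are case-insensitive by default.
    return (event["cs-uri"].lower().endswith(TARGET)
            and event["cs-method"].lower() == "post")

def normalised_match(event):
    """Same selection, but compared against the path with the query removed."""
    path = urlsplit(event["cs-uri"]).path.lower()
    return path.endswith(TARGET) and event["cs-method"].lower() == "post"

def triage(text):
    """Group hits by client IP as (time, caught_by_rule_as_written) tuples."""
    hits = {}
    for ev in parse_w3c(text):
        if normalised_match(ev):
            hits.setdefault(ev["c-ip"], []).append((ev["time"], strict_match(ev)))
    return hits

if __name__ == "__main__":
    for ip, events in triage(SAMPLE_LOG).items():
        for when, caught in events:
            note = "" if caught else "  (not matched by raw endswith)"
            print(f"{ip} {when} POST to formUSBAccount{note}")
```

If the log source records the path in a separate field such as cs-uri-stem, pointing the rule at that field gives the same result without normalisation.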

Source: Shimi's Cyber World · License & reuse

Indicators of Compromise

ID | Type | Indicator
CVE-2026-10163 | Buffer Overflow | Edimax BR-6478AC version 1.23
CVE-2026-10163 | Buffer Overflow | Vulnerable component: POST Request Handler
CVE-2026-10163 | Buffer Overflow | Vulnerable file: /goform/formUSBAccount
CVE-2026-10163 | Buffer Overflow | Vulnerable function: formUSBAccount
CVE-2026-10163 | Buffer Overflow | Vulnerable arguments: UserName/Password

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 31, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
