Edimax BR-6478AC Buffer Overflow: Remote Exploit Publicly Available

The National Vulnerability Database has disclosed CVE-2026-10164, a high-severity buffer overflow vulnerability impacting Edimax BR-6478AC routers running firmware version 1.23. This flaw resides within the formUSBFolder function of the /goform/formUSBFolder component, specifically when handling POST requests.

Attackers can trigger this buffer overflow remotely by manipulating the ShareName or SelectName arguments. With a CVSS score of 8.8 (High), this vulnerability poses a significant risk, allowing for potential remote code execution or denial of service. The exploit code has been publicly released, making this a critical threat for unpatched devices.

This isn’t just a theoretical bug; it’s a weaponized vulnerability. Defenders need to recognize that public exploits drastically reduce the barrier to entry for attackers. Any Edimax BR-6478AC router running the affected firmware is a sitting duck for opportunistic scanning and exploitation.

What This Means For You

  • If your organization or remote workforce relies on Edimax BR-6478AC routers, you are directly exposed. Immediately identify all instances of this device within your network and prioritize patching to the latest firmware. If a patch isn't available, isolate these devices or implement strict access controls to prevent remote exploitation.

🛡️ Detection Rules

critical T1190 Initial Access

CVE-2026-10164 - Edimax BR-6478AC formUSBFolder Buffer Overflow

Sigma YAML
title: CVE-2026-10164 - Edimax BR-6478AC formUSBFolder Buffer Overflow
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to exploit CVE-2026-10164, a buffer overflow vulnerability in the Edimax BR-6478AC router. The exploit targets the formUSBFolder function via a POST request to /goform/formUSBFolder, manipulating the ShareName or SelectName parameters with overly long values to trigger the overflow. The presence of 'ShareName=' or 'SelectName=' in the URI query, combined with a large string input, is a strong indicator of this specific exploit.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10164/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
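detection:
  selection:
      cs-method:
          - 'POST'
      # cs-uri-stem is the request-path field for the webserver log source
      cs-uri-stem|contains:
          - '/goform/formUSBFolder'
      cs-uri-query|contains:
          - 'ShareName='
          - 'SelectName='
  # A value of 1000 or more characters for either parameter. This matches only
  # parameters that appear in the logged query string; POST body fields are
  # not visible to this log source unless request bodies are logged.
  selection_overflow:
      cs-uri-query|re: '(ShareName|SelectName)=[^&]{1000,}'
  condition: selection and selection_overflow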
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse
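
The same check applied to both the query string and the form body, as an added example that is not part of the original rule or of any vendor tooling. It assumes a log source that records request bodies, written here as constructed tab-separated records (method, path, query, body), and reuses the rule's 1000-character threshold.

```python
"""Added example: flag oversized ShareName/SelectName values in request logs."""
from urllib.parse import parse_qsl

TARGET_PATH = "/goform/formUSBFolder"   # endpoint named in the advisory
WATCHED = ("ShareName", "SelectName")   # parameters named in the advisory
MAX_LEN = 1000                          # same threshold as the Sigma rule

# Constructed sample records (assumed layout): method, path, query, form body.
SAMPLE_LOG = "\n".join([
    "POST\t/goform/formUSBFolder\t-\tShareName=media&SelectName=usb1",
    "POST\t/goform/formUSBFolder\t-\tShareName=" + "A" * 1500 + "&SelectName=usb1",
    "POST\t/goform/formUSBFolder\tSelectName=" + "%41" * 1200 + "\t-",
    "GET\t/goform/formUSBFolder\tShareName=" + "A" * 2000 + "\t-",
    "POST\t/goform/otherForm\t-\tShareName=" + "A" * 2000,
    "truncated line without enough fields",
])


def oversized_params(encoded, limit=MAX_LEN):
    """Return [(name, decoded_length)] for watched parameters at or over limit."""
    if not encoded or encoded == "-":
        return []
    # latin-1 maps each decoded byte to one character, so len() is a byte count
    # even when the value is not valid UTF-8.
    pairs = parse_qsl(encoded, keep_blank_values=True, encoding="latin-1")
    return [(k, len(v)) for k, v in pairs if k in WATCHED and len(v) >= limit]


def scan(log_text, limit=MAX_LEN):
    """Return one finding per POST to the target path with an oversized value."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # malformed record: skip rather than guess at its fields
        method, path, query, body = fields
        if method.upper() != "POST" or TARGET_PATH not in path:
            continue
        hits = oversized_params(query, limit) + oversized_params(body, limit)
        if hits:
            findings.append({"line": lineno, "params": hits})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Lengths are measured after percent-decoding, so an encoded value is judged by the size the handler would receive rather than by its size on the wire.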


Indicators of Compromise

ID              Type             Indicator
CVE-2026-10164  Buffer Overflow  Edimax BR-6478AC version 1.23
CVE-2026-10164  Buffer Overflow  Vulnerable function: formUSBFolder
CVE-2026-10164  Buffer Overflow  Vulnerable file: /goform/formUSBFolder
CVE-2026-10164  Buffer Overflow  Vulnerable component: POST Request Handler
CVE-2026-10164  Buffer Overflow  Manipulation of arguments: ShareName/SelectName

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 31, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
