CVE-2026-7682 — Edimax BR-6208AC Command Injection
CVE-2026-7682 — A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. T
What This Means For You
- If your environment is affected by CWE-74, CWE-77, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-7682 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7682 - Edimax BR-6208AC L2TPUserName Command Injection
title: CVE-2026-7682 - Edimax BR-6208AC L2TPUserName Command Injection
id: scw-2026-05-03-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-7682 on Edimax BR-6208AC devices. The rule specifically looks for requests to the '/goform/setWAN' endpoint with the 'L2TPUserName' parameter containing characters indicative of command injection (space, &&, ;, |). This is the primary vector for initial access via this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-03
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7682/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|startswith:
- '/goform/setWAN'
cs-uri-query|contains:
- 'L2TPUserName='
cs-uri-query|contains:
- ' '
cs-uri-query|contains:
- '&&'
cs-uri-query|contains:
- ';'
cs-uri-query|contains:
- '|'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7682 | vulnerability | CVE-2026-7682 |
| CWE-74 | weakness | CWE-74 |
| CWE-77 | weakness | CWE-77 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 03, 2026 at 10:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7686 — Eyeo Adblock Plus Improper Access Control
CVE-2026-7686 — A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the...
Edimax BR-6208AC Buffer Overflow: Remote Exploit Public (CVE-2026-7685)
CVE-2026-7685 — A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of...
Edimax BR-6428nC Buffer Overflow (CVE-2026-7684) Exposed, High Severity
CVE-2026-7684 — A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation...