CVE-2026-7683 — An Unknown Function Of The File /Goform/SetWAN Of The Compon Command Injection
CVE-2026-7683 — A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The ex
What This Means For You
- If your environment is affected by CWE-74, CWE-77, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-7683 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7683 - Edimax BR-6428nC /goform/setWAN Command Injection
title: CVE-2026-7683 - Edimax BR-6428nC /goform/setWAN Command Injection
id: scw-2026-05-03-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-7683 by targeting the /goform/setWAN endpoint on Edimax BR-6428nC devices. The rule specifically looks for the presence of 'pppUserName' or 'pptpUserName' parameters in the URI query, combined with characters commonly used in command injection payloads such as spaces, backticks, semicolons, or pipes, indicating an attempt to inject arbitrary commands.
author: SCW Feed Engine (AI-generated)
date: 2026-05-03
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7683/
tags:
- attack.execution
- attack.t1059.004
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/goform/setWAN'
cs-uri-query|contains:
- 'pppUserName='
- 'pptpUserName='
cs-uri-query|contains:
- ' '
cs-uri-query|contains:
- '`'
cs-uri-query|contains:
- ';'
cs-uri-query|contains:
- '|'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7683 | vulnerability | CVE-2026-7683 |
| CWE-74 | weakness | CWE-74 |
| CWE-77 | weakness | CWE-77 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 03, 2026 at 10:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7686 — Eyeo Adblock Plus Improper Access Control
CVE-2026-7686 — A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the...
Edimax BR-6208AC Buffer Overflow: Remote Exploit Public (CVE-2026-7685)
CVE-2026-7685 — A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of...
Edimax BR-6428nC Buffer Overflow (CVE-2026-7684) Exposed, High Severity
CVE-2026-7684 — A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation...