Edimax BR-6428nC Buffer Overflow (CVE-2026-7684) Exposed, High Severity
The National Vulnerability Database (NVD) has detailed CVE-2026-7684, a high-severity buffer overflow vulnerability impacting Edimax BR-6428nC routers up to version 1.16. This flaw resides in the /goform/setWAN function, specifically through manipulation of the pptpDfGateway argument, leading to a CVSS score of 8.8.
This is a critical remote attack vector. Attackers can exploit this without authentication, gaining full control over affected devices. The exploit code has been publicly disclosed, meaning the barrier to entry for malicious actors is effectively zero. Defenders should assume active exploitation is imminent, if not already underway.
The vendor, Edimax, has reportedly been unresponsive to disclosure attempts. This lack of vendor engagement leaves users in a precarious position, with no official patch available. Organizations and individuals using these devices must take immediate action to mitigate the risk.
What This Means For You
- If your organization or home network uses an Edimax BR-6428nC router, especially versions up to 1.16, you are directly exposed to CVE-2026-7684. This is not a theoretical threat; public exploit disclosure means attackers are likely already scanning for vulnerable devices. You must isolate or replace these devices immediately. If replacement isn't feasible, place them behind a robust firewall that strictly limits external access to the device's management interface.
Related ATT&CK Techniques
🛡️ Detection Rules
1 rule · 6 SIEM formats1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7684 - Edimax BR-6428nC /goform/setWAN Buffer Overflow
title: CVE-2026-7684 - Edimax BR-6428nC /goform/setWAN Buffer Overflow
id: scw-2026-05-03-ai-1
status: experimental
level: critical
description: |
Detects the specific exploit path and parameter used in the Edimax BR-6428nC buffer overflow vulnerability (CVE-2026-7684). The vulnerability is triggered by sending a crafted request to the /goform/setWAN endpoint with a manipulated 'pptpDfGateway' argument, leading to a buffer overflow. This rule specifically looks for POST requests to this URI containing the vulnerable parameter.
author: SCW Feed Engine (AI-generated)
date: 2026-05-03
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7684/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/goform/setWAN'
cs-uri-query|contains:
- 'pptpDfGateway='
cs-method:
- 'POST'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7684 | Buffer Overflow | Edimax BR-6428nC up to 1.16 |
| CVE-2026-7684 | Buffer Overflow | Vulnerable file: /goform/setWAN |
| CVE-2026-7684 | Buffer Overflow | Vulnerable argument: pptpDfGateway |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 03, 2026 at 10:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7686 — Eyeo Adblock Plus Improper Access Control
CVE-2026-7686 — A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the...
Edimax BR-6208AC Buffer Overflow: Remote Exploit Public (CVE-2026-7685)
CVE-2026-7685 — A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of...
CVE-2026-7683 — An Unknown Function Of The File /Goform/SetWAN Of The Compon Command Injection
CVE-2026-7683 — A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component...