Platform
other
Component
edimax-ew-7438rpn-mini
Fixed in
1.23.1
1.27.1
CVE-2020-37149 describes a cross-site request forgery (CSRF) vulnerability present in the Edimax EW-7438RPn Mini wireless router. This vulnerability allows an attacker to trick an authenticated user into unknowingly submitting a malicious request, potentially leading to arbitrary command execution on the device. The vulnerability affects firmware versions 1.23 through 1.27. A firmware update is required to remediate this issue.
The primary impact of CVE-2020-37149 is the potential for remote command execution on the affected Edimax router. An attacker could craft a malicious form submitted through the /goform/mp endpoint, leveraging the user's existing authentication to execute arbitrary commands with the user's privileges. This could allow attackers to modify router settings, access sensitive data stored on the device, or even gain complete control over the router. Successful exploitation could lead to a compromise of the network the router protects, enabling further attacks against connected devices.
CVE-2020-37149 was published on 2026-02-05. There is no indication of active exploitation campaigns or KEV listing at this time. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it relatively straightforward to exploit given access to the router's web interface and an authenticated user session.
Exploit Status
EPSS
0.04% (11% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2020-37149 is to upgrade the Edimax EW-7438RPn Mini firmware to a patched version. Unfortunately, a specific fixed version is not provided in the CVE details. Until a patch is available, consider implementing stricter input validation on the /goform/mp endpoint to prevent malicious commands from being executed. Web Application Firewall (WAF) rules can be configured to detect and block suspicious requests targeting this endpoint. Monitor router logs for unusual activity and unauthorized command executions. After upgrade, confirm by attempting to trigger the vulnerable endpoint with a known malicious payload and verifying that it is blocked.
Update the Edimax EW-7438RPn Mini device firmware to a version that fixes the CSRF vulnerability. Refer to the vendor's website for the latest firmware version and update instructions. As a temporary measure, avoid accessing untrusted websites while authenticated in the device's administration interface.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2020-37149 is a cross-site request forgery vulnerability affecting Edimax EW-7438RPn Mini routers versions 1.23–1.27, allowing attackers to potentially execute commands.
You are affected if you are using an Edimax EW-7438RPn Mini router with firmware versions 1.23 through 1.27. Upgrade to a patched firmware version as soon as it becomes available.
The recommended fix is to upgrade the router's firmware to a patched version. Monitor Edimax's website for updates.
There is no current evidence of widespread active exploitation, but the vulnerability's nature makes it potentially exploitable.
Refer to Edimax's website for official security advisories and firmware updates related to CVE-2020-37149.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.