Plateforme
other
Composant
edimax-ew-7438rpn-mini
Corrigé dans
1.23.1
1.27.1
CVE-2020-37149 describes a cross-site request forgery (CSRF) vulnerability present in the Edimax EW-7438RPn Mini wireless router. This vulnerability allows an attacker to trick an authenticated user into unknowingly submitting a malicious request, potentially leading to arbitrary command execution on the device. The vulnerability affects firmware versions 1.23 through 1.27. A firmware update is required to remediate this issue.
The primary impact of CVE-2020-37149 is the potential for remote command execution on the affected Edimax router. An attacker could craft a malicious form submitted through the /goform/mp endpoint, leveraging the user's existing authentication to execute arbitrary commands with the user's privileges. This could allow attackers to modify router settings, access sensitive data stored on the device, or even gain complete control over the router. Successful exploitation could lead to a compromise of the network the router protects, enabling further attacks against connected devices.
CVE-2020-37149 was published on 2026-02-05. There is no indication of active exploitation campaigns or KEV listing at this time. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it relatively straightforward to exploit given access to the router's web interface and an authenticated user session.
Small businesses and home users relying on Edimax EW-7438RPn Mini routers with vulnerable firmware versions are at risk. Specifically, those with weak password policies or who frequently access the router's web interface from untrusted networks are more susceptible to CSRF attacks.
disclosure
Statut de l'Exploit
EPSS
0.04% (percentile 11%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2020-37149 is to upgrade the Edimax EW-7438RPn Mini firmware to a patched version. Unfortunately, a specific fixed version is not provided in the CVE details. Until a patch is available, consider implementing stricter input validation on the /goform/mp endpoint to prevent malicious commands from being executed. Web Application Firewall (WAF) rules can be configured to detect and block suspicious requests targeting this endpoint. Monitor router logs for unusual activity and unauthorized command executions. After upgrade, confirm by attempting to trigger the vulnerable endpoint with a known malicious payload and verifying that it is blocked.
Mettez à jour le firmware du dispositif Edimax EW-7438RPn Mini vers une version qui corrige la vulnérabilité CSRF. Consultez le site web du fournisseur pour obtenir la dernière version du firmware et les instructions de mise à jour. En tant que mesure temporaire, évitez d'accéder à des sites web non fiables pendant que vous êtes authentifié dans l'interface d'administration du dispositif.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2020-37149 is a cross-site request forgery vulnerability affecting Edimax EW-7438RPn Mini routers versions 1.23–1.27, allowing attackers to potentially execute commands.
You are affected if you are using an Edimax EW-7438RPn Mini router with firmware versions 1.23 through 1.27. Upgrade to a patched firmware version as soon as it becomes available.
The recommended fix is to upgrade the router's firmware to a patched version. Monitor Edimax's website for updates.
There is no current evidence of widespread active exploitation, but the vulnerability's nature makes it potentially exploitable.
Refer to Edimax's website for official security advisories and firmware updates related to CVE-2020-37149.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.