Plataforma
other
Componente
edimax-ew-7438rpn-mini
Corrigido em
1.23.1
1.27.1
CVE-2020-37149 describes a cross-site request forgery (CSRF) vulnerability present in the Edimax EW-7438RPn Mini wireless router. This vulnerability allows an attacker to trick an authenticated user into unknowingly submitting a malicious request, potentially leading to arbitrary command execution on the device. The vulnerability affects firmware versions 1.23 through 1.27. A firmware update is required to remediate this issue.
The primary impact of CVE-2020-37149 is the potential for remote command execution on the affected Edimax router. An attacker could craft a malicious form submitted through the /goform/mp endpoint, leveraging the user's existing authentication to execute arbitrary commands with the user's privileges. This could allow attackers to modify router settings, access sensitive data stored on the device, or even gain complete control over the router. Successful exploitation could lead to a compromise of the network the router protects, enabling further attacks against connected devices.
CVE-2020-37149 was published on 2026-02-05. There is no indication of active exploitation campaigns or KEV listing at this time. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it relatively straightforward to exploit given access to the router's web interface and an authenticated user session.
Small businesses and home users relying on Edimax EW-7438RPn Mini routers with vulnerable firmware versions are at risk. Specifically, those with weak password policies or who frequently access the router's web interface from untrusted networks are more susceptible to CSRF attacks.
disclosure
Status do Exploit
EPSS
0.04% (percentil 11%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2020-37149 is to upgrade the Edimax EW-7438RPn Mini firmware to a patched version. Unfortunately, a specific fixed version is not provided in the CVE details. Until a patch is available, consider implementing stricter input validation on the /goform/mp endpoint to prevent malicious commands from being executed. Web Application Firewall (WAF) rules can be configured to detect and block suspicious requests targeting this endpoint. Monitor router logs for unusual activity and unauthorized command executions. After upgrade, confirm by attempting to trigger the vulnerable endpoint with a known malicious payload and verifying that it is blocked.
Actualice el firmware del dispositivo Edimax EW-7438RPn Mini a una versión que corrija la vulnerabilidad CSRF. Consulte el sitio web del proveedor para obtener la última versión del firmware y las instrucciones de actualización. Como medida temporal, evite acceder a sitios web no confiables mientras esté autenticado en la interfaz de administración del dispositivo.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2020-37149 is a cross-site request forgery vulnerability affecting Edimax EW-7438RPn Mini routers versions 1.23–1.27, allowing attackers to potentially execute commands.
You are affected if you are using an Edimax EW-7438RPn Mini router with firmware versions 1.23 through 1.27. Upgrade to a patched firmware version as soon as it becomes available.
The recommended fix is to upgrade the router's firmware to a patched version. Monitor Edimax's website for updates.
There is no current evidence of widespread active exploitation, but the vulnerability's nature makes it potentially exploitable.
Refer to Edimax's website for official security advisories and firmware updates related to CVE-2020-37149.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.