平台
other
组件
edimax-ew-7438rpn-mini
修复版本
1.23.1
1.27.1
CVE-2020-37149 describes a cross-site request forgery (CSRF) vulnerability present in the Edimax EW-7438RPn Mini wireless router. This vulnerability allows an attacker to trick an authenticated user into unknowingly submitting a malicious request, potentially leading to arbitrary command execution on the device. The vulnerability affects firmware versions 1.23 through 1.27. A firmware update is required to remediate this issue.
The primary impact of CVE-2020-37149 is the potential for remote command execution on the affected Edimax router. An attacker could craft a malicious form submitted through the /goform/mp endpoint, leveraging the user's existing authentication to execute arbitrary commands with the user's privileges. This could allow attackers to modify router settings, access sensitive data stored on the device, or even gain complete control over the router. Successful exploitation could lead to a compromise of the network the router protects, enabling further attacks against connected devices.
CVE-2020-37149 was published on 2026-02-05. There is no indication of active exploitation campaigns or KEV listing at this time. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it relatively straightforward to exploit given access to the router's web interface and an authenticated user session.
Small businesses and home users relying on Edimax EW-7438RPn Mini routers with vulnerable firmware versions are at risk. Specifically, those with weak password policies or who frequently access the router's web interface from untrusted networks are more susceptible to CSRF attacks.
disclosure
漏洞利用状态
EPSS
0.04% (11% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2020-37149 is to upgrade the Edimax EW-7438RPn Mini firmware to a patched version. Unfortunately, a specific fixed version is not provided in the CVE details. Until a patch is available, consider implementing stricter input validation on the /goform/mp endpoint to prevent malicious commands from being executed. Web Application Firewall (WAF) rules can be configured to detect and block suspicious requests targeting this endpoint. Monitor router logs for unusual activity and unauthorized command executions. After upgrade, confirm by attempting to trigger the vulnerable endpoint with a known malicious payload and verifying that it is blocked.
将 Edimax EW-7438RPn Mini 设备固件更新到修复 CSRF 漏洞的版本。请参阅供应商网站以获取最新的固件版本和更新说明。作为临时措施,在您已认证到设备的管理界面时,请避免访问不可信的网站。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2020-37149 is a cross-site request forgery vulnerability affecting Edimax EW-7438RPn Mini routers versions 1.23–1.27, allowing attackers to potentially execute commands.
You are affected if you are using an Edimax EW-7438RPn Mini router with firmware versions 1.23 through 1.27. Upgrade to a patched firmware version as soon as it becomes available.
The recommended fix is to upgrade the router's firmware to a patched version. Monitor Edimax's website for updates.
There is no current evidence of widespread active exploitation, but the vulnerability's nature makes it potentially exploitable.
Refer to Edimax's website for official security advisories and firmware updates related to CVE-2020-37149.