CVE-2020-37125
CRITICAL WAF: High
CVSS 9.8
Published: 2026-02-05
CWE-78
Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| edimax | ew-7438rpn_mini_firmware | 1.27 |
References
- www.edimax.com (Product)
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)
- www.vulncheck.com (Broken Link)