GCVE - cpe:2.3:h:edimax:ew-7438rpn_mini:3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:edimax:ew-7438rpn_mini:3:*:*:*:*:*:*:*

part: h version: 3 update: *

Vendor	Edimax (`b21209bc-38b2-5a9c-baa2-25a5068c39e9`)
Product	Ew 7438Rpn Mini (`61567694-95aa-5e33-b913-200a152c15ec`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-37150`	not_vulnerable	2026-06-03 14:42:40.869147	Edimax Technology EW-7438RPn-v3 Mini 1.27 - Unauthorized Access: Wi-Fi Password Disclosure HIGH (7.5) Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication. Published: 2026-02-05T16:13:42.574Z Updated: 2026-05-25T23:41:11.811Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/48318 https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-unauthorized-access-wi-fi-password-disclosure	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-37149`	not_vulnerable	2026-06-03 14:42:40.868676	Edimax Technology EW-7438RPn-v3 Mini 1.27 - Cross-Site Request Forgery (CSRF) to Command Execution HIGH (8.1) Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges. Published: 2026-02-05T16:13:42.106Z Updated: 2026-03-05T01:28:15.174Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/48318 https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-cross-site-request-forgery-csrf-to-command-execution	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-37125`	not_vulnerable	2026-06-03 14:42:40.815104	Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution CRITICAL (9.8) Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device. Published: 2026-02-05T16:13:32.799Z Updated: 2026-03-05T01:28:06.555Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/48318 https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-remote-code-execution	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.