GCVE - cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Edimax (`b21209bc-38b2-5a9c-baa2-25a5068c39e9`)
Product	Ew 7438Rpn Mini Firmware (`cf14b3b4-9c47-59c5-be1c-3d2b22ef8ceb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-34029`	vulnerable	2026-06-03 15:00:43.335630	Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC. Published: 2025-06-20T18:38:15.689Z Updated: 2026-05-14T02:07:23.605Z Open on db.gcve.eu Reference links https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ https://www.exploit-db.com/exploits/48377 https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163 https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34024`	vulnerable	2026-06-03 15:00:43.320956	Edimax EW-7438RPn Mini OS Command Injection via mp.asp An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC. Published: 2025-06-20T18:38:02.885Z Updated: 2026-05-14T02:07:22.672Z Open on db.gcve.eu Reference links https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ https://www.exploit-db.com/exploits/48377 https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163 https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.