Remote Code Execution Vulnerability in Edimax EW-7438RPn-v3 Mini
CVE-2020-37125

9.3CRITICAL

Key Information:

Vendor

Edimax Technology

Status
Ew-7438rpn Mini
Vendor
CVE Published:
5 February 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2020-37125?

The Edimax EW-7438RPn-v3 Mini firmware version 1.27 is susceptible to a remote code execution vulnerability. This flaw allows attackers, without authentication, to execute arbitrary commands by targeting the /goform/mp endpoint. Through specially crafted POST requests embedding command injection payloads, malicious actors can download and run scripts, leading to potential system compromise or unauthorized access. Users of this device should take immediate precautions to mitigate risks associated with this vulnerability.

Affected Version(s)

EW-7438RPn Mini 1.27

References

https://www.exploit-db.com/exploits/48318
exploit
https://www.edimax.com/edimax/merchandise/merchandise_det...
product
https://www.vulncheck.com/advisories/edimax-technology-ew...
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wadeek
.