OS Command Injection Vulnerability in Edimax EW-7438RPn Firmware
CVE-2025-34024

9.4CRITICAL

Key Information:

Vendor

Edimax

Status
Edimax Ew-7438rpn Mini
Vendor
CVE Published:
20 June 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-34024?

An OS command injection vulnerability is present in the Edimax EW-7438RPn firmware. This issue arises from improper handling of user input in the mp.asp form handler, specifically through the /goform/mp endpoint. An authenticated attacker can exploit this vulnerability by injecting shell metacharacters into the command parameter, leading to arbitrary command execution with root privileges. This flaw poses significant security risks, enabling unauthorized access and control over the device.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Edimax EW-7438RPn Mini 0 <= 1.13

References

https://www.edimax.com/edimax/merchandise/merchandise_det...
product
https://www.exploit-db.com/exploits/48377
third-party-advisoryexploit
https://www.broadcom.com/support/security-center/attacksi...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Besim Altinok
JSON
.