OS Command Injection Vulnerability in Edimax EW-7438RPn Mini Firmware
CVE-2025-34029

9.4CRITICAL

Key Information:

Vendor

Edimax

Status
Edimax Ew-7438rpn Mini
Vendor
CVE Published:
20 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34029?

The Edimax EW-7438RPn Mini firmware possesses a vulnerability that allows remote authenticated attackers to execute arbitrary shell commands with root privileges via the sysCmd parameter in the syscmd.asp form handler. By exploiting the /goform/formSysCmd endpoint, an attacker can leverage this weakness to gain unauthorized command execution capabilities, posing significant security risks to affected systems.

Affected Version(s)

Edimax EW-7438RPn Mini 0 <= 1.13

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34029 - Proof of Concept

References

https://www.edimax.com/edimax/merchandise/merchandise_det...
product
https://www.exploit-db.com/exploits/48377
third-party-advisoryexploit
https://www.broadcom.com/support/security-center/attacksi...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Besim Altinok
.
CVE-2025-34029 : OS Command Injection Vulnerability in Edimax EW-7438RPn Mini Firmware