CVE-2026-7685
Published: 03 May 2026
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2026-7685 is a buffer overflow vulnerability affecting Edimax BR-6208AC routers running firmware versions up to 1.02. The issue resides in an unidentified function that handles the /goform/setWAN endpoint of the web management interface: supplying an overlong value for the pptpDfGateway argument triggers the overflow. The weakness is classified under CWE-119 (improper restriction of operations within the bounds of a memory buffer) and CWE-120 (classic buffer overflow, an unbounded copy into a fixed-size buffer). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); the score reflects network reachability, low attack complexity and high impact on confidentiality, integrity and availability.
The vulnerability can be exploited over the network with low attack complexity and no user interaction, but PR:L means the attacker needs a low-privileged login to the management interface; unauthenticated exploitation is not claimed. Because the overflow is in native firmware code, successful exploitation could allow arbitrary code execution on the device, which is consistent with the high confidentiality, integrity and availability impact in the vector. A public exploit is available, which increases the likelihood of abuse.
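The advisory gives the shape of the bug (a request parameter copied into a fixed buffer) but not the code. The following is an added illustrative reconstruction of that CWE-120 pattern beside a hardened version of the same handler; it is not Edimax firmware code, and the function names, the 16-byte buffer size and the form-body layout are assumptions. The vulnerable function is included only for contrast and is never called with attacker-controlled input; the hardened function bounds the copy at the parse boundary and then requires the value to be an IPv4 dotted quad, which is all a PPTP default gateway can legitimately be.

```c
/* Added example: reconstruction of the CWE-120 pattern behind a /goform handler.
 * Not the Edimax BR-6208AC code; names, sizes and body layout are assumptions. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

#define GW_BUF_LEN 16 /* "255.255.255.255" plus NUL; assumed buffer size */

/* Vulnerable shape: the parameter value lands in a fixed stack buffer with no
 * bound. strlen(pptp_gw) >= GW_BUF_LEN overwrites whatever follows gw on the
 * stack (CWE-120). Shown for contrast only; do not call with untrusted data. */
void set_wan_unbounded(const char *pptp_gw)
{
    char gw[GW_BUF_LEN];
    strcpy(gw, pptp_gw);
    (void)gw; /* a real handler would write gw to the WAN configuration */
}

/* Locate `name` in an application/x-www-form-urlencoded body ("a=1&b=2")
 * and copy its value into out with a hard bound.
 * Returns the value length, -1 if the parameter is absent, -2 if the value
 * would not fit in out (the input that triggers the overflow above).
 * Percent-decoding is deliberately skipped: the only accepted value is a
 * dotted quad, which never needs encoding. */
int get_form_param(const char *body, const char *name, char *out, size_t out_len)
{
    size_t nlen = strlen(name);
    const char *p = body;

    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);

        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *val = p + nlen + 1;
            size_t vlen = plen - nlen - 1;
            if (vlen + 1 > out_len)
                return -2; /* reject instead of overflowing */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

/* Hardened handler: bounded extraction, then semantic validation.
 * Returns 0 if pptpDfGateway is present and is a valid IPv4 literal,
 * -1 for missing, empty, oversized or non-IPv4 values. */
int set_wan_checked(const char *body)
{
    char gw[GW_BUF_LEN];
    struct in_addr addr;
    int n = get_form_param(body, "pptpDfGateway", gw, sizeof gw);

    if (n <= 0)
        return -1; /* absent (-1), too long (-2) or empty (0) */
    if (inet_pton(AF_INET, gw, &addr) != 1)
        return -1; /* length fits but it is not a dotted-quad address */
    return 0;      /* gw is now safe to store */
}

int main(void)
{
    /* Constructed sample bodies, not captured traffic. */
    const char *good = "wanType=pptp&pptpDfGateway=10.0.0.1&mtu=1400";
    const char *oversized = "wanType=pptp&pptpDfGateway="
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&mtu=1400";
    const char *bogus = "wanType=pptp&pptpDfGateway=999.1.1.1";

    printf("legitimate gateway: %d\n", set_wan_checked(good));      /* 0 */
    printf("64-byte gateway:    %d\n", set_wan_checked(oversized)); /* -1 */
    printf("non-IPv4 gateway:   %d\n", set_wan_checked(bogus));     /* -1 */
    return 0;
}
```

The important property is that the length check sits where the untrusted bytes enter (get_form_param), not after they have already been copied; a check placed after strcpy, as is common in rushed fixes, would be too late. Rejecting anything that is not an IPv4 literal also removes the whole class of oversized or encoded values without needing to reason about each one.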
Advisories from VulDB and related disclosures note that the vendor was contacted early but provided no response or patches. No official mitigations or firmware updates are referenced, so affected devices depend on compensating controls: network segmentation, access controls on the management interface, or device replacement. Because exploitation requires a management login (PR:L), strong unique administrator credentials and keeping the web interface off the WAN side reduce exposure, but they do not remove the flaw.
Given the public exploit and the absence of any vendor remediation, users of vulnerable Edimax BR-6208AC routers should isolate or decommission them.
Details
- CWE(s): CWE-119, CWE-120
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The buffer overflow sits in the web management interface (/goform/setWAN), so an attacker who can reach that interface exploits a public-facing application (T1190). Exploitation needs only low privileges yet yields arbitrary code execution with high confidentiality, integrity and availability impact, which is privilege escalation through a software vulnerability (T1068).