CVE-2025-34024
Edimax EW-7438RPn Mini OS Command Injection via mp.asp
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
| CWE | CWE-78 |
| Vendor | edimax |
| Product | edimax ew-7438rpn mini |
| Published | Jun 20, 2025 |
| Last Updated | Apr 7, 2026 |
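A defender-side check for the pattern in the summary above, as an added example (not code from the advisory, the vendor or the referenced exploit): it flags requests to `/goform/mp` whose `command` parameter decodes to a value containing shell metacharacters. The metacharacter set, the request representation (request target plus form body) and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

ENDPOINT = "/goform/mp"   # endpoint named in the advisory
PARAM = "command"         # parameter named in the advisory
# Assumed set: command separators, pipes, substitution, redirection, newlines.
SHELL_META = re.compile(r"[;&|`$<>\r\n]")


def _decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded metacharacters are seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_command_values(target, body=""):
    """Return decoded `command` values that contain shell metacharacters.

    `target` is the request target (path plus optional query string) and
    `body` a form-encoded request body, e.g. from a proxy or IDS capture.
    """
    path, _, query = target.partition("?")
    # Collapse duplicate slashes and ignore case: over-matching is acceptable
    # for detection, missing a trivially altered path is not.
    path = re.sub(r"/+", "/", _decode_fully(path)).rstrip("/").lower()
    if path != ENDPOINT:
        return []
    hits = []
    for source in (query, body):
        for name, value in parse_qsl(source, keep_blank_values=True, separator="&"):
            if name.lower() == PARAM:
                decoded = _decode_fully(value)
                if SHELL_META.search(decoded):
                    hits.append(decoded)
    return hits


if __name__ == "__main__":
    # Constructed sample requests (target, body); not taken from real traffic.
    samples = [
        ("/goform/mp", "command=ping+-c+1+192.0.2.1"),
        ("/goform/mp", "command=ping+192.0.2.1%3B+id"),
        ("/goform/mp", "command=ping%2520192.0.2.1%257Cid"),
        ("/goform/other?command=a%3Bb", ""),
    ]
    for target, body in samples:
        print(target, body, "->", suspicious_command_values(target, body))
```

Because the handler is reached after authentication, a hit is also a signal that management credentials for the device are in use by the requester.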
Affected Versions
Edimax / Edimax EW-7438RPn Mini
0 ≤ 1.13
References
edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/
exploit-db.com: https://www.exploit-db.com/exploits/48377
broadcom.com: https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163
vulncheck.com: https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections
Credits
Besim Altinok