CVE-2025-34029
Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
| CWE | CWE-78 |
| Vendor | edimax |
| Product | edimax ew-7438rpn mini |
| Published | Jun 20, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for edimax edimax ew-7438rpn mini
Be the first to know when new unknown vulnerabilities affecting edimax edimax ew-7438rpn mini are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Edimax / Edimax EW-7438RPn Mini
0 ≤ 1.13
References
edimax.com: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ exploit-db.com: https://www.exploit-db.com/exploits/48377 broadcom.com: https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163 vulncheck.com: https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections
Credits
Besim Altinok