CVE-2020-37125

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/	Product
https://www.exploit-db.com/exploits/48318	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-remote-code-execution	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:1.27:*:*:*:*:*:*:*

cpe:2.3:h:edimax:ew-7438rpn_mini:3:*:*:*:*:*:*:*

History

18 Feb 2026, 18:09

Type	Values Removed	Values Added
First Time		Edimax ew-7438rpn Mini Edimax Edimax ew-7438rpn Mini Firmware
Summary		(es) Edimax EW-7438RPn-v3 Mini 1.27 contiene una vulnerabilidad de ejecución remota de código que permite a atacantes no autenticados ejecutar comandos arbitrarios a través del endpoint /goform/mp. Los atacantes pueden explotar la vulnerabilidad enviando solicitudes POST manipuladas con cargas útiles de inyección de comandos para descargar y ejecutar scripts maliciosos en el dispositivo.
CPE		cpe:2.3:h:edimax:ew-7438rpn_mini:3:::::::* cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:1.27:::::::*
References	~~() https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ -~~	() https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ - Product
References	~~() https://www.exploit-db.com/exploits/48318 -~~	() https://www.exploit-db.com/exploits/48318 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-remote-code-execution -~~	() https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-remote-code-execution - Broken Link

05 Feb 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-05 17:16

Updated : 2026-02-18 18:09

NVD link : CVE-2020-37125

Mitre link : CVE-2020-37125

CVE.ORG link : CVE-2020-37125

JSON object : View

Products Affected

edimax

ew-7438rpn_mini_firmware
ew-7438rpn_mini

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

9.8 /10