CVE-2020-37149

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/	Product
https://www.exploit-db.com/exploits/48318	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-cross-site-request-forgery-csrf-to-command-execution	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:1.27:*:*:*:*:*:*:*

cpe:2.3:h:edimax:ew-7438rpn_mini:3:*:*:*:*:*:*:*

History

18 Feb 2026, 18:09

Type	Values Removed	Values Added
First Time		Edimax ew-7438rpn Mini Edimax Edimax ew-7438rpn Mini Firmware
CPE		cpe:2.3:h:edimax:ew-7438rpn_mini:3:::::::* cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:1.27:::::::*
Summary		(es) Edimax EW-7438RPn-v3 Mini 1.27 es vulnerable a falsificación de petición en sitios cruzados (CSRF) que puede conducir a la ejecución de comandos. Un atacante puede engañar a un usuario autenticado para que envíe un formulario manipulado al endpoint /goform/mp, lo que resulta en la ejecución arbitraria de comandos en el dispositivo con los privilegios del usuario.
References	~~() https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ -~~	() https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ - Product
References	~~() https://www.exploit-db.com/exploits/48318 -~~	() https://www.exploit-db.com/exploits/48318 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-cross-site-request-forgery-csrf-to-command-execution -~~	() https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-cross-site-request-forgery-csrf-to-command-execution - Broken Link

05 Feb 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-05 17:16

Updated : 2026-02-18 18:09

NVD link : CVE-2020-37149

Mitre link : CVE-2020-37149

CVE.ORG link : CVE-2020-37149

JSON object : View

Products Affected

edimax

ew-7438rpn_mini_firmware
ew-7438rpn_mini

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.1 /10