CVE-2025-34024


An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.


Published

2025-06-20T19:15:37.053

Last Modified

2025-11-20T22:15:55.127

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-78

Affected Vendors & Products
Type             | Vendor | Product                  | Version/Range | Vulnerable?
Operating System | edimax | ew-7438rpn_mini_firmware | ≤ 1.13        | Yes
Hardware         | edimax | ew-7438rpn_mini          | -             | No

References