CVE-2026-12806: Buffer Overflow in Edimax BR-6478AC V2
CVE-2026-12806 is a buffer overflow vulnerability in the Edimax BR-6478AC V2 router firmware version 1.23. The flaw exists in the formWlSiteSurvey function handling the POST request at /goform/formWlSiteSurvey, where improper manipulation of the selSSID argument can cause a buffer overflow. This vulnerability is remotely exploitable without user interaction. The vendor has not responded to the disclosure, and no official patch or mitigation has been provided. The vulnerability has been publicly disclosed and carries a high severity rating.
AI Analysis
Technical Summary
The Edimax BR-6478AC V2 router firmware version 1.23 contains a buffer overflow vulnerability in the formWlSiteSurvey function of the POST request handler. Specifically, the selSSID argument is improperly handled, allowing an attacker to overflow a buffer remotely. This vulnerability can be exploited without user interaction and has been publicly disclosed. The vendor was contacted but did not provide any response or patch information. No official remediation or patch is currently known.
Potential Impact
Successful exploitation of this buffer overflow could allow a remote attacker to cause a denial of service or potentially execute arbitrary code on the affected device. Given the high CVSS score of 8.7 and the vector indicating network attack with no privileges or user interaction required, the impact is significant. However, there are no confirmed exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no patch is available, users should monitor official Edimax channels for updates. Until a fix is released, consider limiting network exposure of the affected device and applying network-level protections to restrict access to the management interface.
CVE-2026-12806: Buffer Overflow in Edimax BR-6478AC V2
Description
CVE-2026-12806 is a buffer overflow vulnerability in the Edimax BR-6478AC V2 router firmware version 1.23. The flaw exists in the formWlSiteSurvey function handling the POST request at /goform/formWlSiteSurvey, where improper manipulation of the selSSID argument can cause a buffer overflow. This vulnerability is remotely exploitable without user interaction. The vendor has not responded to the disclosure, and no official patch or mitigation has been provided. The vulnerability has been publicly disclosed and carries a high severity rating.
CVSS v4.0
Score 8.7high
Affected software
cpe:2.3:a:edimax:br-6478ac_v2:*:*:*:*:*:*:*:*AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Edimax BR-6478AC V2 router firmware version 1.23 contains a buffer overflow vulnerability in the formWlSiteSurvey function of the POST request handler. Specifically, the selSSID argument is improperly handled, allowing an attacker to overflow a buffer remotely. This vulnerability can be exploited without user interaction and has been publicly disclosed. The vendor was contacted but did not provide any response or patch information. No official remediation or patch is currently known.
Potential Impact
Successful exploitation of this buffer overflow could allow a remote attacker to cause a denial of service or potentially execute arbitrary code on the affected device. Given the high CVSS score of 8.7 and the vector indicating network attack with no privileges or user interaction required, the impact is significant. However, there are no confirmed exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no patch is available, users should monitor official Edimax channels for updates. Until a fix is released, consider limiting network exposure of the affected device and applying network-level protections to restrict access to the management interface.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-21T04:19:50.899Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a383e01eed863c81e4236a7
Added to database: 06/21/2026, 19:39:45 UTC
Last enriched: 06/21/2026, 19:54:04 UTC
Last updated: 06/22/2026, 02:43:40 UTC
Views: 34
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.