{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-34029", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.546Z", "datePublished": "2025-06-20T18:38:15.689Z", "dateUpdated": "2026-05-14T02:07:23.605Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Web Management Interface (syscmd.asp system command interface)"], "product": "Edimax EW-7438RPn Mini", "vendor": "Edimax", "versions": [{"lessThanOrEqual": "1.13", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ew-7438rpn_mini_v2:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.13", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Besim Altinok"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC."}], "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.4, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:07:23.605Z"}, "references": [{"tags": ["product"], "url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/"}, {"tags": ["third-party-advisory", "exploit"], "url": "https://www.exploit-db.com/exploits/48377"}, {"tags": ["third-party-advisory"], "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_known-exploited-vulnerability"], "title": "Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp", "x_generator": {"engine": "vulncheck"}, "datePublic": "2020-04-24T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-23T20:41:13.971995Z", "id": "CVE-2025-34029", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T20:41:36.630Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34029", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-23T20:41:13.971995Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T20:41:23.047Z"}}], "cna": {"tags": ["x_known-exploited-vulnerability"], "title": "Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Besim Altinok"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Edimax", "modules": ["Web Management Interface (syscmd.asp system command interface)"], "product": "Edimax EW-7438RPn Mini", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.13"}], "defaultStatus": "unaffected"}], "datePublic": "2020-04-24T00:00:00.000Z", "references": [{"url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/", "tags": ["product"]}, {"url": "https://www.exploit-db.com/exploits/48377", "tags": ["third-party-advisory", "exploit"]}, {"url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163", "tags": ["third-party-advisory"]}, {"url": "https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.", "supportingMedia": [{"type": "text/html", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ew-7438rpn_mini_v2:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.13", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:07:23.605Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34029", "state": "PUBLISHED", "dateUpdated": "2026-05-14T02:07:23.605Z", "dateReserved": "2025-04-15T19:15:22.546Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-06-20T18:38:15.689Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82AD0A5F-41F6-480D-AF55-88F0F768B669", "versionEndIncluding": "1.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ew-7438rpn_mini:-:*:*:*:*:*:*:*", "matchCriteriaId": "883D1C81-1FD3-45CE-B1D8-85E760F4FF14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el firmware 1.13 y anteriores del Edimax EW-7438RPn Mini a trav\u00e9s del controlador de formularios syscmd.asp. El endpoint /goform/formSysCmd expone una interfaz de comandos del sistema mediante el par\u00e1metro sysCmd. Un atacante remoto autenticado puede enviar comandos de shell arbitrarios directamente, lo que resulta en la ejecuci\u00f3n del comando como usuario root."}], "id": "CVE-2025-34029", "lastModified": "2025-11-20T22:15:55.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-06-20T19:15:37.210", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/48377"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:50:46.965639+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update that removes the syscmd.asp vulnerability to the Edimax EW\u20117438RPn Mini.", "Limit the device\u2019s network exposure by isolating it from untrusted networks or disabling remote management features if they are unnecessary.", "Ensure the device\u2019s administrative credentials are changed immediately from the defaults and use strong, unique passwords."], "summary": {"action": "Immediate Patch", "impact": "Remote Command Execution as root"}, "threat_synthesis": {"affected_systems": "Affected devices are the Edimax EW\u20117438RPn Mini Wi\u2011Fi range extenders with firmware 1.13 or earlier. These models are identified in the CNA as Edimax:Edimax EW\u20117438RPn Mini. The first evidence of field exploitation was recorded by the Shadowserver Foundation on 2024\u201109\u201114 UTC.", "description_and_impact": "An OS command\u2011injection flaw exists in the Edimax EW\u20117438RPn Mini Wi\u2011Fi range extenders running firmware version 1.13 and older. The syscmd.asp form handler in the /goform/formSysCmd endpoint fails to validate the sysCmd parameter, allowing a remote authenticated attacker to inject arbitrary shell commands. Successful exploitation executes these commands locally with root privileges, giving the attacker full control of the device\u2019s operating system.", "risk_and_exploitability": "The CVSS score of 9.4 indicates a critical vulnerability and the EPSS score of 5\u202f% suggests a notable probability of exploitation. The device is not listed in the CISA KEV catalog, but root\u2011level code execution represents a high\u2011priority threat. The violation of the input validation indicates an OS command\u2011injection weakness (CWE\u201178). The likely attack vector is through the device\u2019s remote management interface after an authenticated session is established, commonly via default or compromised credentials; thus the vulnerability can be triggered from within the local network or via any remote user who can log in."}}}}, "created": "2025-06-23T08:20:14.290497+00:00", "updated": "2026-04-28T19:00:20.870845+00:00", "vendors": ["edimax", "edimax$PRODUCT$ew-7438rpn_mini"]}