CVE-2020-37096

Published: Feb 3, 2026Modified: Feb 20, 2026

5.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.

Affected (1)

Products: Edimax: Ew 7438rpn Mini Firmware

1 product

Ew 7438rpn Mini Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Edimax Ew 7438rpn Mini Firmware	Version 1.13

Running on/with	Platform Versions
Edimax Ew 7438rpn Mini	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (3)

https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/

Source: disclosure@vulncheck.com

Product

https://www.exploit-db.com/exploits/48366

Source: disclosure@vulncheck.com

ExploitThird Party AdvisoryVDB Entry

https://www.vulncheck.com/advisories/edimax-ew-rpn-cross-site-request-forgery-mac-filtering

Source: disclosure@vulncheck.com

Broken Link

Timeline

No history available yet.