Search criteria
3 vulnerabilities by EDIMAX Technology Co., Ltd.
CVE-2020-37097 (GCVE-0-2020-37097)
Vulnerability from cvelistv5 – Published: 2026-02-03 22:01 – Updated: 2026-02-04 20:23
VLAI?
Title
Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password)
Summary
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EDIMAX Technology Co., Ltd. | EW-7438RPn Mini |
Affected:
1.13
|
Credits
Besim ALTINOK
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T20:22:35.823364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:23:36.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EW-7438RPn Mini",
"vendor": "EDIMAX Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Besim ALTINOK"
}
],
"datePublic": "2020-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:01:54.059Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48365",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48365"
},
{
"name": "Edimax EW-7438RPn Product Homepage",
"tags": [
"product"
],
"url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/"
},
{
"name": "VulnCheck Advisory: Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/edimax-ew-rpn-information-disclosure-wifi-password"
}
],
"title": "Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37097",
"datePublished": "2026-02-03T22:01:54.059Z",
"dateReserved": "2026-02-01T13:16:06.488Z",
"dateUpdated": "2026-02-04T20:23:36.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37096 (GCVE-0-2020-37096)
Vulnerability from cvelistv5 – Published: 2026-02-03 22:01 – Updated: 2026-02-04 20:25
VLAI?
Title
Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)
Summary
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.
Severity ?
5.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EDIMAX Technology Co., Ltd. | EW-7438RPn Mini |
Affected:
1.13
|
Credits
Besim ALTINOK
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37096",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T20:24:56.658599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:25:16.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EW-7438RPn Mini",
"vendor": "EDIMAX Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Besim ALTINOK"
}
],
"datePublic": "2020-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device\u0027s filtering rules without their consent."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:01:53.564Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48366",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48366"
},
{
"name": "Edimax EW-7438RPn Product Homepage",
"tags": [
"product"
],
"url": "https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/"
},
{
"name": "VulnCheck Advisory: Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/edimax-ew-rpn-cross-site-request-forgery-mac-filtering"
}
],
"title": "Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37096",
"datePublished": "2026-02-03T22:01:53.564Z",
"dateReserved": "2026-02-01T13:16:06.487Z",
"dateUpdated": "2026-02-04T20:25:16.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-30165 (GCVE-0-2021-30165)
Vulnerability from cvelistv5 – Published: 2021-04-27 03:07 – Updated: 2024-09-17 00:21
VLAI?
Title
EDIMAX Technology Co., Ltd. HD Wireless Day & Night Network Camera IC-3140W - Hard-coded password
Summary
The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EDIMAX Technology Co., Ltd. | IC-3140W |
Affected:
3.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4670-359c8-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IC-3140W",
"vendor": "EDIMAX Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "3.11"
}
]
}
],
"datePublic": "2021-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default administrator account \u0026 password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-27T03:07:36.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4670-359c8-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update IC-3140W firmware to version 3.12"
}
],
"source": {
"advisory": "TVN-202104001",
"discovery": "EXTERNAL"
},
"title": "EDIMAX Technology Co., Ltd. HD Wireless Day \u0026 Night Network Camera IC-3140W - Hard-coded password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-27T02:52:00.000Z",
"ID": "CVE-2021-30165",
"STATE": "PUBLIC",
"TITLE": "EDIMAX Technology Co., Ltd. HD Wireless Day \u0026 Night Network Camera IC-3140W - Hard-coded password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IC-3140W",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "3.11",
"version_value": "3.11"
}
]
}
}
]
},
"vendor_name": "EDIMAX Technology Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default administrator account \u0026 password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4670-359c8-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4670-359c8-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update IC-3140W firmware to version 3.12"
}
],
"source": {
"advisory": "TVN-202104001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-30165",
"datePublished": "2021-04-27T03:07:36.944Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:26.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}