Details of VAR-202506-1088

ID

VAR-202506-1088

CVE

CVE-2025-34024

TITLE

EDIMAX Technology of EW-7438RPn Mini Firmware Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-014543

DESCRIPTION

An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-34024 // JVNDB: JVNDB-2025-014543

AFFECTED PRODUCTS

vendor:	edimax	model:	ew-7438rpn mini	scope:	lte	version:	1.13	Trust: 1.0
vendor:	edimax	model:	ew-7438rpn mini	scope:	-	version:	-	Trust: 0.8
vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	-	Trust: 0.8
vendor:	edimax	model:	ew-7438rpn mini	scope:	lte	version:	ew-7438rpn mini firmware 1.13 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2025-014543 // NVD: CVE-2025-34024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-34024
value:	HIGH
Trust: 1.0
disclosure@vulncheck.com:	CVE-2025-34024
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2025-34024
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2025-34024
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2025-34024
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-014543 // NVD: CVE-2025-34024 // NVD: CVE-2025-34024

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-014543 // NVD: CVE-2025-34024

EXTERNAL IDS

db:	NVD	id:	CVE-2025-34024	Trust: 2.6
db:	EXPLOIT-DB	id:	48377	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-014543	Trust: 0.8

sources: JVNDB: JVNDB-2025-014543 // NVD: CVE-2025-34024

REFERENCES

url:	https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injections	Trust: 1.8
url:	https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163	Trust: 1.8
url:	https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/	Trust: 1.8
url:	https://www.exploit-db.com/exploits/48377	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-34024	Trust: 0.8

sources: JVNDB: JVNDB-2025-014543 // NVD: CVE-2025-34024

SOURCES

db:	JVNDB	id:	JVNDB-2025-014543
db:	NVD	id:	CVE-2025-34024

LAST UPDATE DATE

2025-09-28T03:24:16.363000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-014543	date:	2025-09-26T06:31:00
db:	NVD	id:	CVE-2025-34024	date:	2025-09-23T15:34:07.843

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-014543	date:	2025-09-26T00:00:00
db:	NVD	id:	CVE-2025-34024	date:	2025-06-20T19:15:37.053