Details of VAR-202602-0082

ID

VAR-202602-0082

CVE

CVE-2020-37097

TITLE

EDIMAX Technology of EW-7438RPn Mini Insufficient Credential Protection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004624

DESCRIPTION

Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2020-37097 // JVNDB: JVNDB-2026-004624

AFFECTED PRODUCTS

vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	1.13	Trust: 1.0
vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	ew-7438rpn mini firmware 1.13	Trust: 0.8
vendor:	edimax	model:	ew-7438rpn mini	scope:	-	version:	-	Trust: 0.8
vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-004624 // NVD: CVE-2020-37097

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2020-37097
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-004624
value:	HIGH
Trust: 0.8

disclosure@vulncheck.com:	CVE-2020-37097
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-004624
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-004624 // NVD: CVE-2020-37097

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-004624 // NVD: CVE-2020-37097

PATCH

title:

Edimax EW-7438RPn - Information Disclosure (WiFi Password) - Hardware webapps Exploit

url:

https://www.exploit-db.com/exploits/48365

Trust: 0.8

sources: JVNDB: JVNDB-2026-004624

EXTERNAL IDS

db:	NVD	id:	CVE-2020-37097	Trust: 2.6
db:	EXPLOIT-DB	id:	48365	Trust: 1.0
db:	JVNDB	id:	JVNDB-2026-004624	Trust: 0.8

sources: JVNDB: JVNDB-2026-004624 // NVD: CVE-2020-37097

REFERENCES

url:	https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/	Trust: 1.8
url:	https://www.exploit-db.com/exploits/48365	Trust: 1.0
url:	https://www.vulncheck.com/advisories/edimax-ew-rpn-information-disclosure-wifi-password	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-37097	Trust: 0.8

sources: JVNDB: JVNDB-2026-004624 // NVD: CVE-2020-37097

SOURCES

db:	JVNDB	id:	JVNDB-2026-004624
db:	NVD	id:	CVE-2020-37097

LAST UPDATE DATE

2026-02-25T23:23:45.805000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-004624	date:	2026-02-24T07:44:00
db:	NVD	id:	CVE-2020-37097	date:	2026-02-20T15:45:39.417

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-004624	date:	2026-02-24T00:00:00
db:	NVD	id:	CVE-2020-37097	date:	2026-02-03T22:16:26.037