ID

VAR-202602-0095


CVE

CVE-2020-37149


TITLE

Cross-site request forgery vulnerability in EDIMAX Technology EW-7438RPn Mini firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004201

DESCRIPTION

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability do not affect other software.

Trust: 1.62

sources: NVD: CVE-2020-37149 // JVNDB: JVNDB-2026-004201

AFFECTED PRODUCTS

vendor: edimax, model: ew-7438rpn mini, scope: eq, version: 1.27

Trust: 1.0

vendor: edimax, model: ew-7438rpn mini, scope: eq, version: ew-7438rpn mini firmware 1.27

Trust: 0.8

vendor: edimax, model: ew-7438rpn mini, scope: eq, version: -

Trust: 0.8

vendor: edimax, model: ew-7438rpn mini, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004201 // NVD: CVE-2020-37149

CVSS

SEVERITY

disclosure@vulncheck.com: CVE-2020-37149
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2020-37149
value: HIGH

Trust: 1.0

NVD: CVE-2020-37149
value: HIGH

Trust: 0.8

CVSSV3

disclosure@vulncheck.com: CVE-2020-37149
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2020-37149
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-37149
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004201 // NVD: CVE-2020-37149 // NVD: CVE-2020-37149

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype:Cross-site request forgery (CWE-352) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004201 // NVD: CVE-2020-37149

PATCH

title: Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution - Hardware webapps Exploit
url: https://www.exploit-db.com/exploits/48318

Trust: 0.8

sources: JVNDB: JVNDB-2026-004201

EXTERNAL IDS

db: NVD, id: CVE-2020-37149

Trust: 2.6

db: EXPLOIT-DB, id: 48318

Trust: 1.0

db: JVNDB, id: JVNDB-2026-004201

Trust: 0.8

sources: JVNDB: JVNDB-2026-004201 // NVD: CVE-2020-37149

REFERENCES

url:https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/

Trust: 1.8

url:https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-cross-site-request-forgery-csrf-to-command-execution

Trust: 1.0

url:https://www.exploit-db.com/exploits/48318

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-37149

Trust: 0.8

sources: JVNDB: JVNDB-2026-004201 // NVD: CVE-2020-37149

SOURCES

db: JVNDB, id: JVNDB-2026-004201
db: NVD, id: CVE-2020-37149

LAST UPDATE DATE

2026-02-21T23:14:59.905000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-004201, date: 2026-02-20T02:24:00
db: NVD, id: CVE-2020-37149, date: 2026-02-18T18:09:12.933

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-004201, date: 2026-02-20T00:00:00
db: NVD, id: CVE-2020-37149, date: 2026-02-05T17:16:10.567