Details of VAR-202602-0096

ID

VAR-202602-0096

CVE

CVE-2020-37125

TITLE

EDIMAX Technology of EW-7438RPn Mini in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2026-004202

DESCRIPTION

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2020-37125 // JVNDB: JVNDB-2026-004202

AFFECTED PRODUCTS

vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	1.27	Trust: 1.0
vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	ew-7438rpn mini firmware 1.27	Trust: 0.8
vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	-	Trust: 0.8
vendor:	edimax	model:	ew-7438rpn mini	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-004202 // NVD: CVE-2020-37125

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2020-37125
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-004202
value:	CRITICAL
Trust: 0.8

disclosure@vulncheck.com:	CVE-2020-37125
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-004202
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-004202 // NVD: CVE-2020-37125

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-004202 // NVD: CVE-2020-37125

PATCH

title:

Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution - Hardware webapps Exploit

url:

https://www.exploit-db.com/exploits/48318

Trust: 0.8

sources: JVNDB: JVNDB-2026-004202

EXTERNAL IDS

db:	NVD	id:	CVE-2020-37125	Trust: 2.6
db:	EXPLOIT-DB	id:	48318	Trust: 1.0
db:	JVNDB	id:	JVNDB-2026-004202	Trust: 0.8

sources: JVNDB: JVNDB-2026-004202 // NVD: CVE-2020-37125

REFERENCES

url:	https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/	Trust: 1.8
url:	https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-remote-code-execution	Trust: 1.0
url:	https://www.exploit-db.com/exploits/48318	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-37125	Trust: 0.8

sources: JVNDB: JVNDB-2026-004202 // NVD: CVE-2020-37125

SOURCES

db:	JVNDB	id:	JVNDB-2026-004202
db:	NVD	id:	CVE-2020-37125

LAST UPDATE DATE

2026-02-21T23:14:59.889000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-004202	date:	2026-02-20T02:24:00
db:	NVD	id:	CVE-2020-37125	date:	2026-02-18T18:09:41.337

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-004202	date:	2026-02-20T00:00:00
db:	NVD	id:	CVE-2020-37125	date:	2026-02-05T17:16:07.207