Details of VAR-202602-0097

ID

VAR-202602-0097

CVE

CVE-2020-37150

TITLE

EDIMAX Technology of EW-7438RPn Mini Firmware vulnerability related to the injection of sensitive information into transmitted data

Trust: 0.8

sources: JVNDB: JVNDB-2026-004200

DESCRIPTION

Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2020-37150 // JVNDB: JVNDB-2026-004200

AFFECTED PRODUCTS

vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	1.27	Trust: 1.0
vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	ew-7438rpn mini firmware 1.27	Trust: 0.8
vendor:	edimax	model:	ew-7438rpn mini	scope:	eq	version:	-	Trust: 0.8
vendor:	edimax	model:	ew-7438rpn mini	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-004200 // NVD: CVE-2020-37150

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2020-37150
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-004200
value:	HIGH
Trust: 0.8

disclosure@vulncheck.com:	CVE-2020-37150
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-004200
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-004200 // NVD: CVE-2020-37150

PROBLEMTYPE DATA

problemtype:	CWE-201	Trust: 1.0
problemtype:	Inserting important information into transmitted data (CWE-201) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-004200 // NVD: CVE-2020-37150

PATCH

title:

Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution - Hardware webapps Exploit

url:

https://www.exploit-db.com/exploits/48318

Trust: 0.8

sources: JVNDB: JVNDB-2026-004200

EXTERNAL IDS

db:	NVD	id:	CVE-2020-37150	Trust: 2.6
db:	EXPLOIT-DB	id:	48318	Trust: 1.0
db:	JVNDB	id:	JVNDB-2026-004200	Trust: 0.8

sources: JVNDB: JVNDB-2026-004200 // NVD: CVE-2020-37150

REFERENCES

url:	https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/	Trust: 1.8
url:	https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-mini-unauthorized-access-wi-fi-password-disclosure	Trust: 1.0
url:	https://www.exploit-db.com/exploits/48318	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-37150	Trust: 0.8

sources: JVNDB: JVNDB-2026-004200 // NVD: CVE-2020-37150

SOURCES

db:	JVNDB	id:	JVNDB-2026-004200
db:	NVD	id:	CVE-2020-37150

LAST UPDATE DATE

2026-02-21T23:14:59.872000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-004200	date:	2026-02-20T02:24:00
db:	NVD	id:	CVE-2020-37150	date:	2026-02-18T17:57:00.387

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-004200	date:	2026-02-20T00:00:00
db:	NVD	id:	CVE-2020-37150	date:	2026-02-05T17:16:10.730