Sign-up

ID

VAR-202602-0150


CVE

CVE-2020-37096


TITLE

EDIMAX Technology of EW-7438RPn Mini  Cross-site request forgery vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004625

DESCRIPTION

Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent. MAC You can add an address.Information handled by the software will not be leaked to the outside. However, some of the information handled by the software may be rewritten. Furthermore, the software will not stop running. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2020-37096 // JVNDB: JVNDB-2026-004625

AFFECTED PRODUCTS

vendor:edimaxmodel:ew-7438rpn miniscope:eqversion:1.13

Trust: 1.0

vendor:edimaxmodel:ew-7438rpn miniscope:eqversion:ew-7438rpn mini firmware 1.13

Trust: 0.8

vendor:edimaxmodel:ew-7438rpn miniscope: - version: -

Trust: 0.8

vendor:edimaxmodel:ew-7438rpn miniscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004625 // NVD: CVE-2020-37096

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com: CVE-2020-37096
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2020-37096
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-37096
value: MEDIUM

Trust: 0.8

disclosure@vulncheck.com: CVE-2020-37096
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2020-37096
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-37096
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004625 // NVD: CVE-2020-37096 // NVD: CVE-2020-37096

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype:Cross-site request forgery (CWE-352) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004625 // NVD: CVE-2020-37096

PATCH

title:Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering) - Hardware webapps Exploiturl:https://www.exploit-db.com/exploits/48366

Trust: 0.8

sources: JVNDB: JVNDB-2026-004625

EXTERNAL IDS

db:NVDid:CVE-2020-37096

Trust: 2.6

db:EXPLOIT-DBid:48366

Trust: 1.0

db:JVNDBid:JVNDB-2026-004625

Trust: 0.8

sources: JVNDB: JVNDB-2026-004625 // NVD: CVE-2020-37096

REFERENCES

url:https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/

Trust: 1.8

url:https://www.exploit-db.com/exploits/48366

Trust: 1.0

url:https://www.vulncheck.com/advisories/edimax-ew-rpn-cross-site-request-forgery-mac-filtering

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-37096

Trust: 0.8

sources: JVNDB: JVNDB-2026-004625 // NVD: CVE-2020-37096

SOURCES

db:JVNDBid:JVNDB-2026-004625
db:NVDid:CVE-2020-37096

LAST UPDATE DATE

2026-02-25T23:20:18.798000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-004625date:2026-02-24T07:44:00
db:NVDid:CVE-2020-37096date:2026-02-20T15:37:23.570

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-004625date:2026-02-24T00:00:00
db:NVDid:CVE-2020-37096date:2026-02-03T22:16:25.847