Cyber Posture

CVE-2020-37150

High · Public PoC

Published: 05 February 2026

Modified: 18 February 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0014 (34.0th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-37150 is a high-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability in Edimax Ew-7438Rpn Mini Firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks at the 34.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-201

Embedding taints allows detection when sensitive data is inserted into outbound or sent data streams.

NVD Description

Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.

Deeper analysis (AI)

CVE-2020-37150 is a vulnerability in the Edimax EW-7438RPn-v3 Mini firmware version 1.27 that permits unauthenticated access to the /wizard_reboot.asp page when the device is in unsetup mode. This endpoint discloses the Wi-Fi SSID and security key in response to a simple GET request, exposing sensitive information without requiring authentication. The issue is classified under CWE-201 (Insertion of Sensitive Information Into Sent Data) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting a high confidentiality impact from a low-complexity, network-based attack.

Unauthenticated attackers with network access to the affected device can exploit this vulnerability by sending a GET request to the /wizard_reboot.asp endpoint. No user interaction or privileges are needed, allowing remote retrieval of the wireless password and SSID, which could enable unauthorized Wi-Fi network access or serve as a foothold for broader network reconnaissance and compromise.

Reference URLs include the Edimax product page for the EW-7438RPn Mini, an Exploit-DB entry (48318) detailing the exploit, and a VulnCheck advisory on the unauthorized Wi-Fi password disclosure in Edimax EW-RPN Mini devices. These resources document the issue but do not specify patches or mitigations in the provided information. Security practitioners should review them directly and consider isolating or updating affected devices.

Details

CWE(s): CWE-201

Affected Products

Vendor: edimax
Product: ew-7438rpn mini firmware
Version: 1.27

CVEs Like This One

CVE-2020-37125 (Same product: Edimax Ew-7438Rpn Mini)
CVE-2020-37149 (Same product: Edimax Ew-7438Rpn Mini)
CVE-2020-37097 (Same product: Edimax Ew-7438Rpn Mini)
CVE-2025-22913 (Same vendor: Edimax)
CVE-2025-22906 (Same vendor: Edimax)
CVE-2025-1316 (Same vendor: Edimax)
CVE-2026-1972 (Same vendor: Edimax)
CVE-2025-22904 (Same vendor: Edimax)
CVE-2025-22916 (Same vendor: Edimax)
CVE-2025-22905 (Same vendor: Edimax)

References