Cyber Resilience

CVE-2026-7684

High

Published: 03 May 2026

Published
03 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0048 38.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-7684 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Notion (inferred from references). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-7684 is a buffer overflow vulnerability (CWE-119, CWE-120) in the Edimax BR-6428nC router, affecting versions up to 1.16. The flaw impacts an unknown function in the /goform/setWAN file, triggered by manipulation of the pptpDfGateway argument.

Attackers with low privileges can exploit this remotely over the network with low complexity and no user interaction required, as indicated by the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, likely resulting in remote code execution.

Advisories from VulDB and a public disclosure on a Notion site note that the vendor was contacted early but provided no response or patch. The exploit code has been publicly released, increasing the risk of active exploitation.

EU & UK References

Vulnerability details

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has…

more

been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the exposed /goform/setWAN web interface of the router directly enables remote exploitation of a public-facing application for initial access and RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-6630Shared CWE-119, CWE-120
CVE-2026-7055Shared CWE-119, CWE-120
CVE-2026-1162Shared CWE-119, CWE-120
CVE-2025-12232Shared CWE-119, CWE-120
CVE-2025-15459Shared CWE-119, CWE-120
CVE-2025-7463Shared CWE-119, CWE-120
CVE-2026-2202Shared CWE-119, CWE-120
CVE-2026-5980Shared CWE-119, CWE-120
CVE-2026-7857Shared CWE-119, CWE-120
CVE-2026-7057Shared CWE-119, CWE-120

Affected Assets

Notion
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation and sanitization of the pptpDfGateway input to the /goform/setWAN function to prevent buffer overflow exploitation.

prevent

Implements memory protections like ASLR and DEP to mitigate remote code execution from buffer overflows even if input validation fails.

prevent

Mandates timely remediation of identified flaws such as CVE-2026-7684 through patching or compensatory controls given the vendor's lack of response.

References