Cyber Resilience

CVE-2026-7685

High

Published: 03 May 2026

Published
03 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0048 38.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-7685 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Notion (inferred from references). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-7685 is a buffer overflow vulnerability affecting Edimax BR-6208AC routers running firmware versions up to 1.02. The issue resides in an unknown function within the /goform/setWAN file, where manipulation of the pptpDfGateway argument triggers the overflow. Classified under CWE-119 and CWE-120, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring no user interaction. Successful exploitation allows arbitrary code execution, potentially granting high levels of confidentiality, integrity, and availability compromise on the affected device. A public exploit is available, increasing the risk of widespread abuse.

Advisories from VulDB and related disclosures note that the vendor was contacted early but provided no response or patches. No official mitigations or firmware updates are referenced, leaving affected devices reliant on network segmentation, access controls, or device replacement for defense.

The exploit's public availability heightens the urgency for users of vulnerable Edimax BR-6208AC routers to isolate or decommission them, as no vendor remediation is forthcoming.

EU & UK References

Vulnerability details

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now…

more

public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow in public web management interface (/goform/setWAN) allows remote exploitation of public-facing application (T1190); requires low privileges but achieves full arbitrary code execution and high CIA impact, directly enabling privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2935Shared CWE-119, CWE-120
CVE-2025-15461Shared CWE-119, CWE-120
CVE-2026-7288Shared CWE-119, CWE-120
CVE-2025-9781Shared CWE-119, CWE-120
CVE-2026-3814Shared CWE-119, CWE-120
CVE-2026-7749Shared CWE-119, CWE-120
CVE-2026-2904Shared CWE-119, CWE-120
CVE-2026-4318Shared CWE-119, CWE-120
CVE-2025-15217Shared CWE-119, CWE-120
CVE-2026-3274Shared CWE-119, CWE-120

Affected Assets

Notion
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents buffer overflow vulnerabilities by validating inputs like the pptpDfGateway argument before processing in the /goform/setWAN function.

prevent

Mitigates successful exploitation of the buffer overflow for arbitrary code execution through memory protections such as non-executable stacks and ASLR.

preventrecover

Requires timely remediation of flaws like CVE-2026-7685, including isolation or replacement of unpatched Edimax routers since no vendor fix is available.

References