CVE-2026-7685
Published: 03 May 2026
Summary
CVE-2026-7685 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Notion (inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-7685 is a buffer overflow vulnerability affecting Edimax BR-6208AC routers running firmware versions up to 1.02. The issue resides in an unknown function within the /goform/setWAN file, where manipulation of the pptpDfGateway argument triggers the overflow. Classified under CWE-119 and CWE-120, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L) and requires no user interaction. Successful exploitation allows arbitrary code execution, with high impact on the confidentiality, integrity, and availability of the affected device. A public exploit is available, increasing the risk of widespread abuse.
Advisories from VulDB and related disclosures note that the vendor was contacted early but provided no response or patches. No official mitigations or firmware updates are referenced, leaving affected devices reliant on network segmentation, access controls, or device replacement for defense.
The exploit's public availability heightens the urgency for users of vulnerable Edimax BR-6208AC routers to isolate or decommission them, as no vendor remediation is forthcoming.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26823
Vulnerability details
A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in public web management interface (/goform/setWAN) allows remote exploitation of public-facing application (T1190); requires low privileges but achieves full arbitrary code execution and high CIA impact, directly enabling privilege escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents buffer overflow vulnerabilities by validating inputs like the pptpDfGateway argument before processing in the /goform/setWAN function.
- SI-16 (Memory Protection): Mitigates successful exploitation of the buffer overflow for arbitrary code execution through memory protections such as non-executable stacks and ASLR.
- Flaw remediation: Requires timely remediation of flaws like CVE-2026-7685, including isolation or replacement of unpatched Edimax routers since no vendor fix is available.
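The SI-10 input-validation control above, shown as an added example in a hypothetical C form handler (not Edimax's firmware, whose affected function the advisory leaves unidentified): the pptpDfGateway value is length-bounded, character-whitelisted and parsed as an IPv4 address before it is copied into fixed-size storage.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

#define GW_MAX 15            /* longest dotted quad: "255.255.255.255" */
#define GW_BUF (GW_MAX + 1)  /* plus terminating NUL */

/* The CWE-120 pattern this advisory's bug class describes, for contrast only:
 *     char gw[GW_BUF];
 *     strcpy(gw, form_value("pptpDfGateway"));   // no length check
 * Any value longer than GW_MAX bytes writes past the end of gw. */

/* Hardened handler (hypothetical): validate before anything touches the
 * fixed-size buffer.  Returns 1 and fills out[] on success, 0 on rejection. */
int set_pptp_gateway(const char *pptpDfGateway, char *out, size_t outlen)
{
    struct in_addr addr;
    size_t len = 0;

    if (pptpDfGateway == NULL || out == NULL || outlen < GW_BUF)
        return 0;

    /* 1+2. Bounded scan that never reads past GW_BUF bytes, combined with a
     * character whitelist: only digits and dots are meaningful for a gateway. */
    while (len <= GW_MAX && pptpDfGateway[len] != '\0') {
        char c = pptpDfGateway[len];
        if (!((c >= '0' && c <= '9') || c == '.'))
            return 0;
        len++;
    }
    if (len == 0 || len > GW_MAX)       /* empty, or NUL not found in bound */
        return 0;

    /* 3. Semantic check: must be a complete IPv4 address ("256.1.1.1" and
     * "1.2.3" are rejected by inet_pton). */
    if (inet_pton(AF_INET, pptpDfGateway, &addr) != 1)
        return 0;

    /* Copy only after every check passed; len is already <= GW_MAX. */
    memcpy(out, pptpDfGateway, len);
    out[len] = '\0';
    return 1;
}

int main(void)
{
    char gw[GW_BUF];
    /* constructed sample inputs: valid, out-of-range octet, oversized */
    const char *samples[] = { "10.0.0.1", "256.1.1.1",
                              "10.0.0.1AAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 3; i++)
        printf("%-34s -> %s\n", samples[i],
               set_pptp_gateway(samples[i], gw, sizeof gw) ? "accepted" : "rejected");
    return 0;
}
```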