CVE-2020-37125
Edimax · EW-7438RPn-v3 Mini
An unauthenticated remote code execution vulnerability in the Edimax EW-7438RPn-v3 Mini allows attackers to execute arbitrary commands via the /goform/mp endpoint.
Executive summary
A critical unauthenticated remote code execution vulnerability in Edimax Wi-Fi extenders allows attackers to take full control of the device by sending crafted POST requests.
Vulnerability
The vulnerability is located in the /goform/mp web endpoint. It allows an unauthenticated attacker to perform command injection by sending a crafted POST request. This enables the attacker to download and execute malicious scripts directly on the device.
Business impact
Compromised Wi-Fi extenders can be used as persistent entry points into a corporate or home network. Attackers can perform man-in-the-middle attacks, sniff network traffic, or use the device as part of a botnet for DDoS attacks. The CVSS score of 9.8 reflects the ease of exploitation and the total compromise of the affected hardware.
Remediation
Immediate Action: Update the firmware of the Edimax EW-7438RPn-v3 Mini to the latest version. If the device is end-of-life, it should be replaced.
Proactive Monitoring: Monitor network traffic for unusual POST requests to the /goform/mp endpoint and watch for unauthorized outbound connections from IoT devices.
Compensating Controls: Place IoT devices like Wi-Fi extenders on a segregated VLAN with no access to sensitive internal resources or the management interfaces of other devices.
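The following is an added detection example, not Edimax code and not part of this advisory. It implements the Proactive Monitoring step above: it scans constructed web-server access-log lines for POST requests to /goform/mp, flags outbound connections from an IoT VLAN to destinations outside it, and correlates the two (an external host that posted to the endpoint and then received a connection from the extender is the download-and-execute pattern the vulnerability description mentions). The log format, the IoT subnet 10.0.20.0/24 and the allow-listed DNS host are assumptions for the example.

```python
"""Detection logic for the /goform/mp advisory (added example, not vendor code).

Assumptions: access logs are in Common Log Format, IoT devices live on
10.0.20.0/24, and 10.0.20.1 is the only expected destination for them.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample access-log lines (not real device logs).
ACCESS_LOG = """\
192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET /index.asp HTTP/1.1" 200 1234
203.0.113.5 - - [10/Mar/2024:10:00:07 +0000] "POST /goform/mp HTTP/1.1" 200 17
192.0.2.10 - - [10/Mar/2024:10:00:09 +0000] "POST /goform/formLogin HTTP/1.1" 302 0
198.51.100.77 - - [10/Mar/2024:10:01:15 +0000] "POST /goform/mp HTTP/1.1" 200 17
"""

# Constructed outbound flow records from the IoT VLAN: (src, dst, dst_port).
FLOWS = [
    ("10.0.20.5", "10.0.20.1", 53),       # extender -> local DNS, expected
    ("10.0.20.5", "198.51.100.77", 80),   # extender -> internet host that hit /goform/mp
    ("10.0.20.5", "203.0.113.9", 4444),   # extender -> unknown internet host
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Alert:
    kind: str
    src: str
    detail: str


def find_mp_posts(log_text: str) -> list[Alert]:
    """Flag every POST to /goform/mp; the endpoint needs no auth, so each one is suspect."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than silently guessing
        if m["method"] == "POST" and m["path"].split("?")[0] == "/goform/mp":
            alerts.append(Alert("goform_mp_post", m["src"], f"status={m['status']} at {m['ts']}"))
    return alerts


def find_unexpected_outbound(flows, iot_subnet="10.0.20.0/24", allowed_dsts=("10.0.20.1",)):
    """Flag flows leaving the IoT VLAN for any destination not on the allow list."""
    net = ip_network(iot_subnet)
    alerts = []
    for src, dst, port in flows:
        if ip_address(src) in net and ip_address(dst) not in net and dst not in allowed_dsts:
            alerts.append(Alert("iot_outbound", src, f"{dst}:{port}"))
    return alerts


def correlate(post_alerts, outbound_alerts) -> set[str]:
    """Hosts that posted to /goform/mp and were then contacted by an IoT device: high confidence."""
    posters = {a.src for a in post_alerts}
    contacted = {a.detail.rsplit(":", 1)[0] for a in outbound_alerts}
    return posters & contacted


if __name__ == "__main__":
    posts = find_mp_posts(ACCESS_LOG)
    outbound = find_unexpected_outbound(FLOWS)
    for a in posts + outbound:
        print(f"[{a.kind}] src={a.src} {a.detail}")
    print("high-confidence compromise indicators:", sorted(correlate(posts, outbound)))
```

Run against the constructed data it reports two /goform/mp POSTs, two unexpected outbound flows, and one correlated host (198.51.100.77). In production, feed it the reverse proxy or firewall logs in front of the extender and the flow records for the IoT VLAN; the correlation step is what separates a noisy scanner from an extender that has actually been made to fetch a payload.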
Exploitation status
Public Exploit Available: No
Analyst recommendation
The ability for an unauthenticated attacker to execute commands remotely makes this a critical security risk. We recommend that organizations and individuals using these Edimax devices verify their firmware versions immediately. If a patch is not available from the vendor, the device should be decommissioned to prevent it from becoming a liability.