CVE-2026-12809 | Edimax BR-6478AC V2 1.23 POST Request wiz_5in1_redirect newpass command injection

A vulnerability was found in Edimax BR-6478AC V2 1.23. It has been declared as critical. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection.

This vulnerability is uniquely identified as CVE-2026-12809. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12809 | Edimax BR-6478AC V2 1.23 POST Request wiz_5in1_redirect newpass command injection

Post correlati

CVE-2025-8208 | Spexo Addons for Elementor Plugin up to 1.0.23 on WordPress Countdown Widget cross site scripting

CVE-2025-36090 | IBM Analytics Content Hub 2.0/2.1/2.2/2.3 information exposure

CVE-2025-21138 | Adobe Substance3D up to 14.0 out-of-bounds write (apsb25-06)

CVE-2024-27967 | Michael Leithold DSGVO All in One for WP Plugin up to 4.3 on WordPress cross-site request forgery