CVE-2026-7684
HIGH · 8.8
Public PoC disclosed; vendor non-responsive; high CVSS; defender guidance actionable but no mass-exploitation signal yet.
What: Buffer overflow in Edimax BR-6428nC router firmware (up to v1.16) in /goform/setWAN endpoint via pptpDfGateway parameter. CVSS 8.8 (HIGH). Remote, unauthenticated exploitation possible.
Why it matters: Public exploit disclosed same day as NVD publication; vendor unresponsive to early notification; no patch available. IoT device installed base at risk of RCE if remotely accessible.
Where it's seen: Security news feeds (Patchstack, OffSeq radar, Vulmon) and threat aggregators amplifying NVD entry within hours. Chatter driven by automated CVE feeds; one source explicitly flags unpatched state and recommends immediate mitigation.
RISK: HIGH — Unauthenticated remote buffer overflow, public PoC, unresponsive vendor, no patch timeline.
Public PoCs on GitHub 3 repos
- cometkim/awesome-list ★ 22
My personal awesome list based on GitHub stars
- mainrs/awesome-stars ★ 1
- getquoteonline/NSNPartLookup.com-Lookup-Order-NSN-NIIN-Cage-Code-Parts ★ 0
NSNPartLookup.com – Lookup & Order NSN, NIIN, Cage Code Parts
Articles & coverage 14 articles
- CVE-2026-7684 - Exploits & Severity - Feedly
# CVE-2026-7684 Published: May 2, 2026. The CVE description is not yet available but Feedly AI found some discussions about it. Feedly found the first article mentioning CVE-2026-7684. May 2, 2026 at 11:40 AM / VulDB Recent Entries. Feedly estimated the CVSS as HIGH based on the CVE details, attack complexity, and exploit information. A severe vu
- CVE-2026-27684 - CVE Record
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary
- CVE 2026 — The Vulnerabilities That Matter Most Right Now
# CVE 2026 — The Vulnerabilities That Matter Most Right Now. The search for “CVE 2026” looks broad on the surface, but the people typing it into Google are usually not looking for an encyclopedia of numbers. They lose because they treated every CVE as equal, patched by score instead of exploit reality, and discovered too late that the issues that changed their week were not generic application bug
- CVE-2026-20684 Detail - NVD
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypass Gatekeeper checks.
- CVE-2026-40684 - Exploits & Severity - Feedly
# CVE-2026-40684. Unreviewed GitHub Security Advisory: GHSA-q496-q274-jgh9 Release Date: 2026-05-01 Update Date: 2026-05-01 Severity: Medium CVE-2026-40684 Base Score: 5.9 Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. An attac
NVD details · 2 CWE · 0 vendors · 4 refs
Description
A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Top posts driving the trend
- @offseq.bsky.social · Bluesky · 5/3/2026
Edimax BR-6428nC (1.0 – 1.16) faces a HIGH risk buffer overflow — remote exploit public, no patch from vendor. Restrict remote access or swap device now. https://radar.offseq.com/threat/cve-2026-7684-buffer-overflow-in-edimax-br-6428nc-0d59eb52 #OffSeq #IoTSecurity #Vulnerability
♥ 0 · ↻ 0 · 💬 0
- @infoflowcloud · X · 5/3/2026
🚨*CVE* CVE-2026-7684 A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argumen… https://t.co/Ra2DRLxhHX ----- Traducción: CVE-2026-7684 Se … https://t.co/utmtNgl3sv
♥ 0 · ↻ 0 · 💬 0
- @CVEnew · X · 5/3/2026
CVE-2026-7684 A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argumen… https://t.co/hsBdY9FbbQ
♥ 0 · ↻ 0 · 💬 0
- @cve.skyfleet.blue · Bluesky · 5/3/2026
CVE-2026-7684 - Edimax BR-6428nC setWAN buffer overflow CVE ID : CVE-2026-7684 Published : May 3, 2026, 7:16 a.m. | 1 hour, 4 minutes ago Description : A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file...
♥ 0 · ↻ 0 · 💬 0
- @thehackerwire.bsky.social · Bluesky · 5/3/2026
🟠 CVE-2026-7684 - High (8.8) A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknow... https://www.thehackerwire.com/vulnerability/CVE-2026-7684/ #infosec #cybersecurity #CVE #vulnerability #security #patchstack
♥ 1 · ↻ 0 · 💬 1
- @VulmonFeeds · X · 5/3/2026
CVE-2026-7684 Buffer Overflow in Edimax BR-6428nC Up to 1.16 setWAN Function https://t.co/L2aQCfDqK3
♥ 0 · ↻ 0 · 💬 0