CVE-2020-37125 CRITICAL

CVE-2020-37125: Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution

Vendor Edimax Technology

Product EW-7438RPn Mini

Weakness CWE-78

Published February 5, 2026

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device.

Key dates

02Disclosure timeline

February 5, 2026 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-37125

Related vulnerabilities

04Related CVE

CVE-2025-34160 AnyShare ServiceAgent API Unauthenticated RCE CVE-2024-4506 Ruijie RG-UAC ip_addr_edit_commit.php os command injection CVE-2025-9387 DCN DCME-720 Web Management Backend ip_block.php os command injection CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe CVE-2026-25130 Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool