A vulnerability was found in Edimax EW-7438RPn 1.28a . It has been declared as critical . Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler . The manipulation of the argument key1 results in buffer overflow. This vulnerability is reported as CVE-2026-9360 . The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.