A vulnerability has been found in Edimax EW-7438RPn up to 1.31 and classified as critical . The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs . This manipulation of the argument pinCode causes os command injection. This vulnerability is registered as CVE-2026-9343 . Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.