A vulnerability described as critical has been identified in Edimax BR-6675nD 1.12 . Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler . Such manipulation of the argument L2TPUserName leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-9380 . The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.