A vulnerability marked as critical has been reported in Edimax BR-6675nD 1.12 . This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler . This manipulation of the argument pinCode causes command injection. This vulnerability is handled as CVE-2026-9379 . The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.