A vulnerability identified as critical has been detected in Edimax BR-6478AC 1.23 . This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler . The manipulation of the argument L2TPUserName leads to buffer overflow. This vulnerability is listed as CVE-2026-9443 . The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.