CVE Catalog

CVE-2026-13560

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.16%

63th percentile — higher than 63% of all known CVEs

Summary

A security vulnerability has been detected in Edimax EW-7478APC 1.04, where the formAccept function in /goform/formAccept of the POST Request Handler component is vulnerable to OS command injection via the submit-url argument. The attack can be performed remotely, and the exploit has been publicly disclosed.

Risk Assessment

The organization is at risk of remote code execution on the device, potentially leading to network compromise, data exfiltration, or lateral movement within the infrastructure.

Recommendation

Immediately disconnect or isolate the affected device from the production network and contact the vendor for a firmware update. Until a patch is available, restrict access to management interfaces and apply firewall rules to block untrusted traffic.

Original NVD description (English source)

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS