CVE-2026-13561
MediumCVSS 6.3Summary
A vulnerability was found in Edimax EW-7478APC version 1.04, allowing OS command injection via the rootAPmac argument in the formiNICbasic function. The attack is remotely exploitable and the exploit is publicly available.
Risk Assessment
The organization risks remote compromise of the device, potentially leading to network breaches, data leaks, or lateral movement within the infrastructure.
Recommendation
Immediately disconnect or isolate the device from the production network until a vendor patch is released. Consider replacing the device with a supported model.
Original NVD description (English source)
A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

