CVE-2026-13563
HighCVSS 8.8Summary
A stack-based buffer overflow vulnerability was found in Edimax EW-7478APC version 1.04 in the formL2TPSetup function. An attacker can remotely manipulate the L2TPUserName argument, causing a buffer overflow. The exploit is public, and the vendor did not respond.
Risk Assessment
The risk for the organization includes remote code execution by an attacker, potentially leading to device takeover and further attacks on the network infrastructure.
Recommendation
Immediately disconnect the device from the network and contact the vendor for a firmware update. If unavailable, consider replacing the device with a supported alternative.
Original NVD description (English source)
A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

