CVE Catalog

CVE-2026-13564

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A stack-based buffer overflow vulnerability was found in the formPPPoESetup function of the /goform/formPPPoESetup file in Edimax EW-7478APC version 1.04. An attacker can remotely manipulate the pppUserName argument, causing a buffer overflow. The exploit has been made public and could be used.

Risk Assessment

The risk for the organization includes potential remote code execution or device crash, which could lead to network disruption or device takeover.

Recommendation

It is recommended to immediately disconnect the device from the network and contact the vendor for a firmware update. If no update is available, consider replacing the device with a supported alternative.

Original NVD description (English source)

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS