CVE Catalog

CVE-2026-13580

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A buffer overflow vulnerability has been detected in the Edimax EW-7478APC version 1.04 in the formQoS function of the /goform/formQoS file. An attacker can remotely manipulate the selSSID argument, leading to a buffer overflow. The exploit has been publicly disclosed and may be used.

Risk Assessment

The risk for the organization includes the possibility of remote code execution or device crash, which could lead to network disruption or device takeover.

Recommendation

It is recommended to immediately disconnect the device from the network and contact the vendor for a firmware update. If no update is available, consider replacing the device with one that receives security support.

Original NVD description (English source)

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS