CVE-2026-13580
HighCVSS 8.8Summary
A buffer overflow vulnerability has been detected in the Edimax EW-7478APC version 1.04 in the formQoS function of the /goform/formQoS file. An attacker can remotely manipulate the selSSID argument, leading to a buffer overflow. The exploit has been publicly disclosed and may be used.
Risk Assessment
The risk for the organization includes the possibility of remote code execution or device crash, which could lead to network disruption or device takeover.
Recommendation
It is recommended to immediately disconnect the device from the network and contact the vendor for a firmware update. If no update is available, consider replacing the device with one that receives security support.
Original NVD description (English source)
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

