CVE Catalog

CVE-2026-13582

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A buffer overflow vulnerability has been found in Edimax EW-7478APC version 1.04 in the formUSBAccount function of the /goform/formUSBAccount file. An attacker can remotely manipulate the UserName/Password arguments, causing a buffer overflow. The exploit has been published and may be used.

Risk Assessment

The risk for the organization is the possibility of remote code execution or device crash, which could lead to network integrity compromise and data loss.

Recommendation

It is recommended to immediately disconnect the Edimax EW-7478APC device from the network and contact the vendor for a firmware update. If no update is available, consider replacing the device with a supported one.

Original NVD description (English source)

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS