CVE-2026-13582
HighCVSS 8.8Summary
A buffer overflow vulnerability has been found in Edimax EW-7478APC version 1.04 in the formUSBAccount function of the /goform/formUSBAccount file. An attacker can remotely manipulate the UserName/Password arguments, causing a buffer overflow. The exploit has been published and may be used.
Risk Assessment
The risk for the organization is the possibility of remote code execution or device crash, which could lead to network integrity compromise and data loss.
Recommendation
It is recommended to immediately disconnect the Edimax EW-7478APC device from the network and contact the vendor for a firmware update. If no update is available, consider replacing the device with a supported one.
Original NVD description (English source)
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

