CVE-2026-13583
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
A buffer overflow vulnerability was found in Edimax EW-7478APC version 1.04 in the formUSBFolder function of the /goform/formUSBFolder file. Manipulation of the ShareName/SelectName arguments in a POST request can cause a buffer overflow, enabling remote attack. The exploit has been publicly disclosed and may be used.
Risk Assessment
Remote exploitation could lead to device takeover, posing a risk to network security and sensitive data access. The vendor's lack of response increases the risk of exploitation.
Recommendation
Immediately disconnect the device from the network and contact the vendor for a firmware update. If no update is available, consider replacing the device with a supported model.
Original NVD description (English source)
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

