Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable management handler with low complexity but requiring an authenticated low-privilege session (PR:L); overflow in a privileged firmware process yields high C/I/A with no scope change.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers overflow a buffer by manipulating the selSSID parameter in a POST request to the /goform/formQoS endpoint, potentially crashing the device or executing code on it. The flaw is network-reachable and publicly available exploit code exists (disclosed via VulDB and a Notion writeup), but it is not listed in CISA KEV and no active exploitation has been confirmed. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to reach the EW-7478APC HTTP management interface over the network and send a POST request to the /goform/formQoS handler with an oversized selSSID argument; the CVSS vector's PR:L indicates a low-privilege authenticated session to the management UI is needed, so this is not exploitable by a fully unauthenticated outsider against a default deployment. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 4.0 score is 7.4 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N and high impact to confidentiality, integrity and availability of the vulnerable system (VC:H/VI:H/VA:H), no subsequent-system impact, and exploit maturity E:P (proof-of-concept). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege access to the access point's web interface - for example via default, weak, or reused credentials on a reachable management network - sends a crafted POST request to /goform/formQoS with an oversized selSSID value, overflowing the handler's buffer to crash the device or attempt code execution as the firmware's privileged process. A public proof-of-concept for this exact endpoint exists, lowering the effort required to reproduce the attack. |
| Remediation | No vendor-released patch identified at time of analysis - the vendor was contacted but did not respond, so there is no fixed firmware version to cite. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all Edimax EW-7478APC devices running firmware 1.04 and restrict management interface access to trusted networks only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Ew 7478Apc
View allBuffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers corrupt memory by s
Remote buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets an authenticated attacker cor
OS command injection in the Edimax EW-7478APC wireless access point firmware 1.04 allows a network-reachable authenticat
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40124
GHSA-jv8x-v9mq-9q74