Skip to main content

Edimax EW-7478APC CVE-2026-13580

| EUVDEUVD-2026-40124 HIGH
Classic Buffer Overflow (CWE-120)
2026-06-29 VulDB GHSA-jv8x-v9mq-9q74
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable management handler with low complexity but requiring an authenticated low-privilege session (PR:L); overflow in a privileged firmware process yields high C/I/A with no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 29, 2026 - 16:31 vuln.today
CVSS changed
Jun 29, 2026 - 16:22 NVD
8.7 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers overflow a buffer by manipulating the selSSID parameter in a POST request to the /goform/formQoS endpoint, potentially crashing the device or executing code on it. The flaw is network-reachable and publicly available exploit code exists (disclosed via VulDB and a Notion writeup), but it is not listed in CISA KEV and no active exploitation has been confirmed. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach AP management interface
Delivery
Authenticate with low-priv credentials
Exploit
POST oversized selSSID to /goform/formQoS
Execution
Overflow buffer in formQoS handler
Impact
Crash device or execute code as firmware process

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to reach the EW-7478APC HTTP management interface over the network and send a POST request to the /goform/formQoS handler with an oversized selSSID argument; the CVSS vector's PR:L indicates a low-privilege authenticated session to the management UI is needed, so this is not exploitable by a fully unauthenticated outsider against a default deployment. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 score is 7.4 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N and high impact to confidentiality, integrity and availability of the vulnerable system (VC:H/VI:H/VA:H), no subsequent-system impact, and exploit maturity E:P (proof-of-concept). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privilege access to the access point's web interface - for example via default, weak, or reused credentials on a reachable management network - sends a crafted POST request to /goform/formQoS with an oversized selSSID value, overflowing the handler's buffer to crash the device or attempt code execution as the firmware's privileged process. A public proof-of-concept for this exact endpoint exists, lowering the effort required to reproduce the attack.
Remediation No vendor-released patch identified at time of analysis - the vendor was contacted but did not respond, so there is no fixed firmware version to cite. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Edimax EW-7478APC devices running firmware 1.04 and restrict management interface access to trusted networks only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13580 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy