Skip to main content

Edimax EW-7478APC CVE-2026-13583

| EUVDEUVD-2026-40131 HIGH
Classic Buffer Overflow (CWE-120)
2026-06-29 VulDB GHSA-r8ch-529w-3cmj
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Remotely reachable web handler (AV:N/AC:L/UI:N) but authentication is needed to reach formUSBFolder, so PR:L; memory corruption yields full device C/I/A impact with no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 29, 2026 - 16:32 vuln.today
CVSS changed
Jun 29, 2026 - 16:22 NVD
8.7 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers corrupt memory by sending an oversized ShareName or SelectName argument to the formUSBFolder handler at /goform/formUSBFolder. The flaw is reachable over the network and publicly available exploit code exists, though no active exploitation has been reported. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach device web interface
Delivery
Authenticate with low-privilege credentials
Exploit
POST oversized ShareName/SelectName to /goform/formUSBFolder
Execution
Overflow buffer in formUSBFolder
Impact
Crash service or execute code on device

Vulnerability AssessmentAI

Exploitation Exploitation requires network access to the device's web management interface and valid authentication to reach the protected POST handler (CVSS PR:L indicates low-privilege credentials are needed - not unauthenticated). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed-to-moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained valid (possibly low-privilege or default) credentials to the EW-7478APC web interface sends a crafted POST request to /goform/formUSBFolder with an overlong ShareName or SelectName value. The oversized input overflows the target buffer, crashing the management service or potentially executing attacker-controlled code on the device. …
Remediation No vendor-released patch identified at time of analysis - the vendor was contacted early but did not respond, so no fixed firmware version can be cited. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all Edimax EW-7478APC units and identify firmware versions; restrict network access to the /goform/formUSBFolder endpoint via firewall rules. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13583 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy