Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable goform handler needs a low-privilege authenticated session (PR:L) and no user interaction; memory corruption yields full device C/I/A impact with unchanged scope.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Memory corruption in the Edimax EW-7478APC wireless access point (firmware 1.04) lets a remote, low-privileged user overflow a buffer by submitting an oversized selSSID value to the /goform/formiNICSiteSurvey POST handler. Publicly available exploit code exists, and the vendor did not respond to disclosure, leaving deployed devices without an official fix. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network access to the device's web management interface plus a valid low-privileged authenticated session (CVSS PR:L) - the attacker must be able to reach and POST to the /goform/formiNICSiteSurvey endpoint and supply an attacker-controlled selSSID value, with the specific trigger being an oversized selSSID argument. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) scores 7.4 (High): network-reachable, low complexity, no user interaction, and full confidentiality/integrity/availability impact on the device - but PR:L means a valid low-privilege session on the management interface is required, which meaningfully shrinks the attacker population versus a pre-auth bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege access to the EW-7478APC web UI (e.g., via default or weak credentials, or a device left reachable on a flat network) sends a crafted POST request to /goform/formiNICSiteSurvey with an overlong selSSID parameter. The oversized value overflows the handler's buffer, crashing the management process (denial of service) or, with a tailored payload, redirecting execution to run attacker code on the device. … |
| Remediation | No vendor-released patch identified at time of analysis - the vendor was contacted early but did not respond, and no fixed firmware version is published in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all Edimax EW-7478APC units in production, confirm firmware version 1.04 deployment status, assess network criticality, and restrict administrative access to affected devices. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40073
GHSA-7257-9x75-2ph5