Ew 7478Apc
Monthly
Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers corrupt memory by sending an oversized ShareName or SelectName argument to the formUSBFolder handler at /goform/formUSBFolder. The flaw is reachable over the network and publicly available exploit code exists, though no active exploitation has been reported. Per the CVSS 4.0 vector it requires low-level authentication (PR:L) but yields full confidentiality, integrity, and availability impact on the device.
Remote buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets an authenticated attacker corrupt memory through the formUSBAccount handler at /goform/formUSBAccount by supplying oversized UserName or Password values in a POST request, enabling likely code execution or device crash. The flaw is remotely reachable and publicly available exploit code exists (proof-of-concept, CVSS 4.0 base 7.4), though there is no public exploit identified as actively used in the wild. The vendor was notified but did not respond, so no fix is expected.
OS command injection in the Edimax EW-7478APC wireless access point firmware 1.04 allows a network-reachable authenticated attacker to execute arbitrary OS commands on the device by manipulating the `rootAPmac` parameter in POST requests to `/goform/formStaDrvSetup`. A public proof-of-concept exploit is available, indexed by VulDB and documented externally, and the vendor did not respond to responsible disclosure - making a vendor-released patch unlikely in the near term. The provided CVSS 4.0 score of 2.1 appears to significantly understate actual impact, as OS command injection on embedded Linux network devices typically yields full device compromise rather than the 'Low' impact across all three dimensions assigned in the vector.
Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers overflow a buffer by manipulating the selSSID parameter in a POST request to the /goform/formQoS endpoint, potentially crashing the device or executing code on it. The flaw is network-reachable and publicly available exploit code exists (disclosed via VulDB and a Notion writeup), but it is not listed in CISA KEV and no active exploitation has been confirmed. The vendor was notified but did not respond, and no patched firmware has been published.
Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers corrupt memory by sending an oversized ShareName or SelectName argument to the formUSBFolder handler at /goform/formUSBFolder. The flaw is reachable over the network and publicly available exploit code exists, though no active exploitation has been reported. Per the CVSS 4.0 vector it requires low-level authentication (PR:L) but yields full confidentiality, integrity, and availability impact on the device.
Remote buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets an authenticated attacker corrupt memory through the formUSBAccount handler at /goform/formUSBAccount by supplying oversized UserName or Password values in a POST request, enabling likely code execution or device crash. The flaw is remotely reachable and publicly available exploit code exists (proof-of-concept, CVSS 4.0 base 7.4), though there is no public exploit identified as actively used in the wild. The vendor was notified but did not respond, so no fix is expected.
OS command injection in the Edimax EW-7478APC wireless access point firmware 1.04 allows a network-reachable authenticated attacker to execute arbitrary OS commands on the device by manipulating the `rootAPmac` parameter in POST requests to `/goform/formStaDrvSetup`. A public proof-of-concept exploit is available, indexed by VulDB and documented externally, and the vendor did not respond to responsible disclosure - making a vendor-released patch unlikely in the near term. The provided CVSS 4.0 score of 2.1 appears to significantly understate actual impact, as OS command injection on embedded Linux network devices typically yields full device compromise rather than the 'Low' impact across all three dimensions assigned in the vector.
Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers overflow a buffer by manipulating the selSSID parameter in a POST request to the /goform/formQoS endpoint, potentially crashing the device or executing code on it. The flaw is network-reachable and publicly available exploit code exists (disclosed via VulDB and a Notion writeup), but it is not listed in CISA KEV and no active exploitation has been confirmed. The vendor was notified but did not respond, and no patched firmware has been published.