CVE-2026-13564
Edimax EW-7478APC POST Request formPPPoESetup stack-based overflow
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-121 CWE-119 |
| Vendor | edimax |
| Product | ew-7478apc |
| Published | Jun 29, 2026 |
| Last Updated | Jun 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for edimax ew-7478apc
Be the first to know when new high vulnerabilities affecting edimax ew-7478apc are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Edimax / EW-7478APC
1.04
References
vuldb.com: https://vuldb.com/vuln/374572 vuldb.com: https://vuldb.com/vuln/374572/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13564 vuldb.com: https://vuldb.com/submit/844114 lavender-bicycle-a5a.notion.site: https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formPPPoESetup-34b53a41781f80208e6be16a764f001c
Credits
๐ wxhwxhwxh_mie (VulDB User) VulDB CNA Team