CVE-2026-13581
Edimax EW-7478APC POST Request formStaDrvSetup os command injection
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-78 CWE-77 |
| Vendor | edimax |
| Product | ew-7478apc |
| Published | Jun 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for edimax ew-7478apc
Be the first to know when new medium vulnerabilities affecting edimax ew-7478apc are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Edimax / EW-7478APC
1.04
References
vuldb.com: https://vuldb.com/vuln/374587 vuldb.com: https://vuldb.com/vuln/374587/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13581 vuldb.com: https://vuldb.com/submit/844116 lavender-bicycle-a5a.notion.site: https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formStaDrvSetup-34b53a41781f80a5805cfe72d78b76df
Credits
๐ wxhwxhwxh_mie (VulDB User) VulDB CNA Team