Description
A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity (CVSS)
| Base score | 8.7 |
|---|---|
| Severity | High |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Provided by | CNA |
Weaknesses
- CWE-121 — Stack-based Buffer Overflow
- CWE-119 — Memory Corruption
Affected products
| Vendor | Product | Versions |
|---|---|---|
| Edimax | EW-7478APC | 1.04 |
References
- https://vuldb.com/vuln/374571 (vdb-entry technical-description)
- https://vuldb.com/vuln/374571/cti (signature permissions-required)
- https://vuldb.com/cve/CVE-2026-13563 (third-party-advisory)
- https://vuldb.com/submit/844113 (third-party-advisory)
- https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formL2TPSetup-34b53a41781f80f295f8ca2aa55e1226?pvs=73 (exploit)
Generated from the official CVE List on 30 Jun 2026 07:04 UTC.