Description
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity (CVSS)
| Base score | 8.7 |
|---|---|
| Severity | High |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Provided by | CNA |
Weaknesses
- CWE-120 — Buffer Overflow
- CWE-119 — Memory Corruption
Affected products
| Vendor | Product | Versions |
|---|---|---|
| Edimax | EW-7478APC | 1.04 |
References
- https://vuldb.com/vuln/374586 (vdb-entry technical-description)
- https://vuldb.com/vuln/374586/cti (signature permissions-required)
- https://vuldb.com/cve/CVE-2026-13580 (third-party-advisory)
- https://vuldb.com/submit/844115 (third-party-advisory)
- https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formQoS-34b53a41781f8095bffacdea103a82d1 (broken-link exploit)
Generated from the official CVE List on 30 Jun 2026 07:04 UTC.