CVE-2026-13564

HIGH NVD

CVSS Score 8.8

Severity HIGH

Published Jun 29, 2026

Vendor unknown

Description

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formPPPoESetup-34b53a41781f80208e6be16a764f001c
https://vuldb.com/cve/CVE-2026-13564
https://vuldb.com/submit/844114
https://vuldb.com/vuln/374572
https://vuldb.com/vuln/374572/cti