CVE-2026-13581

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published Jun 29, 2026

Vendor unknown

Description

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formStaDrvSetup-34b53a41781f80a5805cfe72d78b76df
https://vuldb.com/cve/CVE-2026-13581
https://vuldb.com/submit/844116
https://vuldb.com/vuln/374587
https://vuldb.com/vuln/374587/cti