CVE-2026-13582

HIGH NVD

CVSS Score 8.8

Severity HIGH

Published Jun 29, 2026

Vendor unknown

Description

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formUSBAccount-34b53a41781f8077ad48e4c3af9be499
https://vuldb.com/cve/CVE-2026-13582
https://vuldb.com/submit/844117
https://vuldb.com/vuln/374588
https://vuldb.com/vuln/374588/cti