CVE-2026-13580 | A security vulnerability has been detected in Edimax EW-7478… | CVSS 8.8 HIGH

Description

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-13580
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-28 22:29 UTC
Published: 2026-06-29 15:00 UTC
Last updated: 2026-06-29 16:19 UTC
Primary CWE: CWE-120
Buffer Overflow
Vendor / Product: Edimax / EW-7478APC
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Edimax	EW-7478APC	—	1.04

Weakness (CWE)

CWE	Source	Description
CWE-119	cna	Memory Corruption
CWE-120	cna	Buffer Overflow

CVSS scores (4)

Score	Severity	Version	Source	Vector
9.0	N/D	2.0	cna	AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
8.8	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
8.8	HIGH	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
8.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References (5)

VDB-374586 | Edimax EW-7478APC POST Request formQoS buffer overflow https://vuldb.com/vuln/374586
VDB-374586 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/374586/cti
CVE-2026-13580 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-13580
Submit #844115 | EDIMAX EW-7478APC EW-7478APC 1.04 Buffer Overflow https://vuldb.com/submit/844115
https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formQoS-34b53a41781f8095bffacdea103a82d1