A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
Affected Vendors & Products
References
History
Tue, 30 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 29 Jun 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | Edimax EW-7478APC POST Request formAccept os command injection | |
| First Time appeared |
Edimax
Edimax ew-7478apc |
|
| Weaknesses | CWE-77 CWE-78 |
|
| CPEs | cpe:2.3:a:edimax:ew-7478apc:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Edimax
Edimax ew-7478apc |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2026-06-29T10:45:06.716Z
Updated: 2026-06-30T15:39:24.726Z
Reserved: 2026-06-28T16:12:47.853Z
Link: CVE-2026-13560
Updated: 2026-06-30T15:39:20.524Z
No data.
No data.