Description
A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a buffer overflow in the formiNICSiteSurvey function within the Edimax EW-7478APC firmware 1.04. By manipulating the selSSID argument in a crafted POST request to /goform/formiNICSiteSurvey, a remote attacker can overflow the stack and potentially execute arbitrary code on the device. The vulnerability is remote and exploit code has been published, indicating real‑world risk of compromise.

Affected Systems

The affected product is the Edimax EW‑7478APC wireless router running firmware version 1.04. The vulnerability resides in the POST request handler at /goform/formiNICSiteSurvey, which is exposed by the router’s web management interface.

Risk and Exploitability

The CVSS score of 8.7 demonstrates high severity, the EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploit code has been released, so the risk of exploitation is significant. The likely attack vector is remote: an attacker with network access to the device can trigger the overflow without prior authentication by sending a malicious POST request.

Generated by OpenCVE AI on June 29, 2026 at 14:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s firmware update that fixes the buffer‑overflow bug in the formiNICSiteSurvey handler.
  • If a patch is not yet available, isolate the router’s web management interface by restricting access to a trusted network or VPN only.
  • If the router’s settings permit, disable or block POST requests to /goform/formiNICSiteSurvey to prevent exploitation.
  • Monitor access logs for any unexpected POST activity to the management interface.
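
One way to act on the last two recommendations, as an added example that is not OpenCVE's or the vendor's code: it triages requests captured in front of the management interface (for instance by a reverse proxy) and flags POSTs to the handler that come from outside a trusted subnet or carry a selSSID longer than 32 octets. The record layout, the trusted subnet and the 32-octet threshold (the IEEE 802.11 SSID limit, not the firmware's buffer size, which the advisory does not give) are assumptions.

```python
"""Triage captured HTTP requests aimed at the vulnerable handler (added example)."""
import ipaddress
from urllib.parse import parse_qs, urlsplit

HANDLER = "/goform/formiNICSiteSurvey"   # path named in the advisory
PARAM = "selSSID"                        # argument named in the advisory
MAX_SSID_OCTETS = 32                     # IEEE 802.11 SSID limit; assumed threshold,
                                         # not the firmware's real buffer size
TRUSTED = [ipaddress.ip_network("192.0.2.0/28")]  # assumed management subnet


def review(req):
    """Return a list of finding names for one captured request record.

    req is a dict with keys src (str), method (str), path (str), body (bytes);
    this record layout is hypothetical, adapt it to your capture source.
    """
    if req["method"].upper() != "POST":
        return []
    if urlsplit(req["path"]).path.rstrip("/") != HANDLER:
        return []
    findings = []
    src = ipaddress.ip_address(req["src"])
    if not any(src in net for net in TRUSTED):
        findings.append("untrusted-source")
    # latin-1 maps every byte to one character, so len() counts decoded octets
    body = req["body"].decode("latin-1")
    fields = parse_qs(body, keep_blank_values=True, encoding="latin-1")
    values = fields.get(PARAM, [])
    if len(values) > 1:
        findings.append("duplicate-param")
    if any(len(v) > MAX_SSID_OCTETS for v in values):
        findings.append("oversized-selSSID")
    return findings


# Constructed sample records, not real traffic
SAMPLES = [
    {"src": "192.0.2.5", "method": "POST", "path": HANDLER,
     "body": b"selSSID=HomeNet&submit=1"},
    {"src": "203.0.113.9", "method": "POST", "path": HANDLER,
     "body": b"selSSID=" + b"A" * 200},
    {"src": "192.0.2.6", "method": "POST", "path": HANDLER + "?t=1",
     "body": b"selSSID=" + b"%41" * 33},
]

if __name__ == "__main__":
    for i, rec in enumerate(SAMPLES):
        print(i, rec["src"], review(rec))
```

The length is measured after percent-decoding, so an encoded value cannot slip under the threshold.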


Advisories

No advisories yet.

History

Mon, 29 Jun 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Edimax EW-7478APC POST Request formiNICSiteSurvey buffer overflow
First Time appeared | | Edimax; Edimax ew-7478apc
Weaknesses | | CWE-119; CWE-120
CPEs | | cpe:2.3:a:edimax:ew-7478apc:*:*:*:*:*:*:*:*
Vendors & Products | | Edimax; Edimax ew-7478apc
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T11:15:07.301Z

Reserved: 2026-06-28T16:12:53.032Z

Link: CVE-2026-13562

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T18:00:05Z

Weaknesses

  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')