Description
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The router’s formUSBFolder POST handler does not properly validate the ShareName/SelectName argument. Sending an overly long string triggers a stack‑based buffer overflow that can lead to memory corruption, potential denial of service or arbitrary code execution. The bug is designated by CWE‑119 and CWE‑120. The description states the attack can be performed from a remote host and that the exploit has been made public.

Affected Systems

Edimax EW‑7478APC wireless router running firmware 1.04. No other versions are listed as affected.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity. No EPSS score is reported, but the public disclosure and remote attack vector suggest a non‑negligible probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. An attacker can trigger the overflow remotely by sending a specially crafted POST request to /goform/formUSBFolder, which can crash the device or potentially run malicious code on it.

Generated by OpenCVE AI on June 29, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Edimax that patches the formUSBFolder buffer overflow.
  • If an update is not yet available, block remote access to the router’s administration interface or the /goform/formUSBFolder endpoint via a firewall or access control list.
  • As a temporary workaround, configure the router to limit the maximum length of ShareName/SelectName or disable the formUSBFolder feature, if such a configuration is exposed.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Edimax EW-7478APC POST Request formUSBFolder buffer overflow
First Time appeared | | Edimax; Edimax ew-7478apc
Weaknesses | | CWE-119; CWE-120
CPEs | | cpe:2.3:a:edimax:ew-7478apc:*:*:*:*:*:*:*:*
Vendors & Products | | Edimax; Edimax ew-7478apc
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T15:45:07.689Z

Reserved: 2026-06-28T22:29:22.045Z

Link: CVE-2026-13583

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T20:45:03Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')