CVE-2026-13581
MediumCVSS 6.3Exploitation Probability (EPSS)
Elevated risk63th percentile — higher than 63% of all known CVEs
Summary
A vulnerability was found in Edimax EW-7478APC 1.04, involving OS command injection in the formStaDrvSetup function via the rootAPmac argument. The attack is remotely exploitable and the exploit is publicly available.
Risk Assessment
The organization risks remote compromise of the device, potentially leading to network breaches, data leakage, or lateral movement within the infrastructure.
Recommendation
Immediately disconnect or isolate the affected device from the production network and contact the vendor for a patch. If no update is available, consider replacing the device with a supported model.
Original NVD description (English source)
A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

