CVE-2026-13563 | Edimax EW-7478APC 1.04 POST Request /goform/formL2TPSetup L2TPUserName stack-based overflow

A vulnerability classified as critical was found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow.

This vulnerability is referenced as CVE-2026-13563. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-13563 | Edimax EW-7478APC 1.04 POST Request /goform/formL2TPSetup L2TPUserName stack-based overflow

Post correlati

CVE-2025-23672 | Instant Appointment Plugin up to 1.2 on WordPress cross site scripting

CVE-2025-68637 | Apache Uniffle up to 0.9.x SSL Configuration privilege escalation

CVE-2024-9006 | jeanmarc77 123solar 1.8.4.5 config/config_invt1.php PASSOx code injection (Issue 74)

CVE-2024-31352 | Email Subscribers & Newsletters Plugin up to 5.7.13 on WordPress authorization