CVE-2026-13581 | Edimax EW-7478APC 1.04 POST Request /goform/formStaDrvSetup rootAPmac os command injection

A vulnerability, which was classified as critical, was found in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection.

This vulnerability is identified as CVE-2026-13581. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-13581 | Edimax EW-7478APC 1.04 POST Request /goform/formStaDrvSetup rootAPmac os command injection

Post correlati

CVE-2024-47945 | Rittal IoT Interface/CMC III Processing Unit Function Call rand generation of predictable numbers or identifiers

CVE-2024-51919 | Fancy Product Designer Plugin up to 6.4.3 on WordPress unrestricted upload

CVE-2026-41038 | Quantum Router QN-I-470 6.1.1.B1 Web-based Management Interface weak password (CIVN-2026-0200)

CVE-2025-10816 | Jinher OA 2.0 XML ?text=GetUrl&style=add xml external entity reference