Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to vulnerabilities
UnratedPublic exploit

Stack-based Buffer Overflow in Edimax EW-7478APC formPPPoESetup

IdentifiersCVE-2026-13564CWE-121

CVE-2026-13564 is a remotely exploitable stack-based buffer overflow affecting Edimax EW-7478APC firmware version 1.04. The flaw is in the formPPPoESetup function exposed via the /goform/formPPPoESetup POST request handler. According to the provided content, supplying a crafted value in the pppUserName argument can overflow a stack buffer. The issue is reachable over the network and public exploit details are available. No additional vendor technical analysis or patch details were provided in the source content.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can crash the affected process or device and may allow an attacker to corrupt stack memory. Because the vulnerability is a stack-based buffer overflow in a remotely reachable request handler, exploitation may provide remote code execution in the security context of the vulnerable service, although the provided content does not explicitly confirm code execution. At minimum, remote denial of service is plausible, with elevated risk due to public exploit availability.

Mitigation

If you can’t patch tonight, do this now.

Restrict network access to the /goform/formPPPoESetup interface and the device management plane to trusted hosts only. Do not expose the affected device directly to untrusted networks or the internet. Use network segmentation, ACLs, firewall rules, and administrative interface hardening to reduce reachability. Monitor for suspicious POST requests targeting /goform/formPPPoESetup, especially anomalous or oversized pppUserName values, and watch for signs of device instability or repeated crashes.

Remediation

Patch, then assume compromise.

Update the Edimax EW-7478APC to a fixed firmware version if and when a vendor patch becomes available. The provided content specifically recommends applying vendor patches and updating device firmware. If no fix is available, organizations should track vendor advisories and replace or isolate affected devices as appropriate.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity8

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-13564
NVD
nvd.nist.gov/vuln/detail/CVE-2026-13564
MITRE CWE · CWE-121
cwe.mitre.org