CVE-2026-13563

Publié : 29 juin 2026

Modifié : 29 juin 2026

Score CVSS

8.8

HIGH

Description détaillée

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formL2TPSetup-34b53a41781f80f295f8ca2aa55e1226?pvs=73 https://vuldb.com/cve/CVE-2026-13563 https://vuldb.com/submit/844113 https://vuldb.com/vuln/374571 https://vuldb.com/vuln/374571/cti

Dernières Vulnérabilités

CVE-2026-57525

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

VOIR DÉTAILS

CVE-2026-57523

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

VOIR DÉTAILS

CVE-2026-57341

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

VOIR DÉTAILS