CVE-2026-13560 MEDIUM

CVE-2026-13560: Edimax EW-7478APC POST Request formAccept os command injection

Vendor Edimax

Product EW-7478APC

Weakness CWE-78

Published June 29, 2026

Last update June 29, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

June 29, 2026 CVE published

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-13560

Related vulnerabilities

CVE-2026-13560: Edimax EW-7478APC POST Request formAccept os command injection

01Description

02Disclosure timeline

03References

04Related CVE