A vulnerability classified as critical was found in Edimax EW-7478APC 1.04 . This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler . Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-13563 . It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.