A vulnerability described as critical has been identified in Edimax EW-7478APC 1.04 . The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler . The manipulation of the argument rootAPmac results in os command injection. This vulnerability was named CVE-2026-13561 . The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.