A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Casky was already ahead
This CVE exploits attack patterns that Casky's 277matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-13564 is a stack-based buffer overflow vulnerability in the Edimax EW-7478APC wireless router, specifically in the PPPoE setup function that processes user-supplied input without proper bounds checking. This vulnerability carries a CVSS score of 8.8 (high severity) and affects a critical network device that many organizations and consumers rely on for internet connectivity. Because the vulnerable component is a POST request handler accessible remotely, an attacker can exploit this without authentication by sending specially crafted input to the pppUserName parameter, potentially achieving arbitrary code execution on the device. The lack of vendor response and public availability of exploit code significantly increases the risk of widespread exploitation in the wild.
Casky's platform identifies attack patterns associated with this vulnerability across MITRE ATT&CK techniques TA0002 (Execution) and TA0003 (Persistence), with 277 mapped security skills available for detection and response. Practitioners using Casky would observe findings aligned with memory corruption patterns—specifically CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). The detection intelligence would flag suspicious POST requests to /goform/formPPPoESetup with oversized or malformed pppUserName payloads, stack canary violations, unexpected instruction pointer modifications, and post-exploitation indicators such as process spawning or network connections originating from the router itself. Extended reasoning across the skill set would correlate these signals with typical buffer overflow exploitation chains, enabling practitioners to distinguish legitimate traffic from attack attempts and implement targeted mitigation strategies.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
These skills use Claude AI's reasoning model to surface findings in the same attack categories as CVE-2026-13564.
Casky has 277 skills that investigate the attack patterns behind CVE-2026-13564. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →Account Takeover
red teaming · high
Account Takeover
red teaming · high
Account Takeover: Exposed API Key
digital forensics · low
Account Takeover: Exposed Login Credential
red teaming · high
Account Takeover: Exposed Login Credential
soc operations · low
Account Takeover: Exposed Login Credential
threat hunting · low
acquiring-disk-image-with-dd-and-dcfldd
digital forensics · low
analyzing-android-malware-with-apktool
malware analysis · medium
analyzing-bootkit-and-rootkit-samples
malware analysis · medium
analyzing-browser-forensics-with-hindsight
digital forensics · low
analyzing-cobalt-strike-beacon-configuration
malware analysis · medium
analyzing-cobaltstrike-malleable-c2-profiles
malware analysis · medium
analyzing-command-and-control-communication
malware analysis · medium
analyzing-disk-image-with-autopsy
digital forensics · low
analyzing-dns-logs-for-exfiltration
soc operations · low
analyzing-docker-container-forensics
digital forensics · low
analyzing-golang-malware-with-ghidra
malware analysis · medium
analyzing-heap-spray-exploitation
malware analysis · medium
analyzing-kubernetes-audit-logs
container security · low
analyzing-linux-kernel-rootkits
digital forensics · low
analyzing-linux-system-artifacts
digital forensics · low
analyzing-lnk-file-and-jump-list-artifacts
digital forensics · low
analyzing-macro-malware-in-office-documents
malware analysis · medium
analyzing-malicious-pdf-with-peepdf
malware analysis · medium
analyzing-malware-behavior-with-cuckoo-sandbox
malware analysis · medium
analyzing-malware-persistence-with-autoruns
malware analysis · medium
analyzing-malware-sandbox-evasion-techniques
malware analysis · medium
analyzing-memory-dumps-with-volatility
malware analysis · medium
analyzing-mft-for-deleted-file-recovery
digital forensics · low
analyzing-network-covert-channels-in-malware
malware analysis · medium
analyzing-network-traffic-of-malware
malware analysis · medium
analyzing-outlook-pst-for-email-forensics
digital forensics · low
analyzing-packed-malware-with-upx-unpacker
malware analysis · medium
analyzing-pdf-malware-with-pdfid
malware analysis · medium
analyzing-persistence-mechanisms-in-linux
threat hunting · low
analyzing-powershell-empire-artifacts
threat hunting · low
analyzing-prefetch-files-for-execution-history
digital forensics · low
analyzing-slack-space-and-file-system-artifacts
digital forensics · low
analyzing-supply-chain-malware-artifacts
malware analysis · medium
analyzing-usb-device-connection-history
digital forensics · low
analyzing-windows-amcache-artifacts
digital forensics · low
analyzing-windows-event-logs-in-splunk
soc operations · low
analyzing-windows-lnk-files-for-artifacts
digital forensics · low
analyzing-windows-prefetch-with-python
digital forensics · low
analyzing-windows-registry-for-artifacts
digital forensics · low
analyzing-windows-shellbag-artifacts
digital forensics · low
auditing-kubernetes-rbac-privilege-escalation
container security · low
benchmarking-kubernetes-with-kube-bench
container security · low
building-automated-malware-submission-pipeline
soc operations · low
building-c2-infrastructure-with-sliver-framework
red teaming · high
building-c2-redirector-infrastructure
red teaming · high
building-detection-rule-with-splunk-spl
soc operations · low
building-detection-rules-with-sigma
soc operations · low
building-incident-response-dashboard
soc operations · low
building-red-team-c2-infrastructure-with-havoc
red teaming · high
building-soc-escalation-matrix
soc operations · low
building-soc-metrics-and-kpi-tracking
soc operations · low
building-super-timelines-with-plaso
digital forensics · low
building-threat-hunt-hypothesis-framework
threat hunting · low
building-threat-intelligence-enrichment-in-splunk
soc operations · low
building-threat-intelligence-feed-integration
soc operations · low
building-vulnerability-scanning-workflow
soc operations · low
coercing-authentication-with-coercer-petitpotam
red teaming · high
conducting-api-security-testing
penetration testing · medium
conducting-domain-persistence-with-dcsync
red teaming · high
conducting-external-reconnaissance-with-osint
penetration testing · medium
conducting-full-scope-red-team-engagement
red teaming · high
conducting-internal-network-penetration-test
penetration testing · medium
conducting-internal-reconnaissance-with-bloodhound-ce
red teaming · high
conducting-mobile-app-penetration-test
penetration testing · medium
conducting-network-penetration-test
penetration testing · medium
conducting-pass-the-ticket-attack
red teaming · high
conducting-wireless-network-penetration-test
penetration testing · medium
configuring-host-based-intrusion-detection
endpoint security · low
configuring-windows-defender-advanced-settings
endpoint security · low
configuring-windows-event-logging-for-detection
endpoint security · low
Conversion to Physical Monetary Instruments: Cash
digital forensics · low
correlating-security-events-in-qradar
soc operations · low
Create Fake Materials: Fake Website
penetration testing · medium
Create Fake Materials: Fake Website
digital forensics · low
Create Fake Materials: Fake Website
threat hunting · low
deobfuscating-javascript-malware
malware analysis · medium
deobfuscating-powershell-obfuscated-malware
malware analysis · medium
deploying-edr-agent-with-crowdstrike
endpoint security · low
deploying-osquery-for-endpoint-monitoring
endpoint security · low
detecting-container-drift-at-runtime
container security · low
detecting-container-escape-attempts
container security · low
detecting-container-escape-with-falco-rules
container security · low
detecting-container-runtime-threats-with-falco
container security · low
detecting-dcsync-attack-in-active-directory
threat hunting · low
detecting-dll-sideloading-attacks
threat hunting · low
detecting-email-forwarding-rules-attack
threat hunting · low
detecting-entra-offensive-tools-in-graph-logs
soc operations · low
detecting-evasion-techniques-in-endpoint-logs
endpoint security · low
detecting-fileless-attacks-on-endpoints
endpoint security · low
detecting-fileless-malware-techniques
malware analysis · medium
detecting-golden-ticket-attacks-in-kerberos-logs
threat hunting · low
detecting-insider-threat-behaviors
threat hunting · low
detecting-kerberoasting-attacks
threat hunting · low
detecting-lateral-movement-with-splunk
threat hunting · low
detecting-malicious-scheduled-tasks-with-sysmon
threat hunting · low
detecting-mimikatz-execution-patterns
threat hunting · low
detecting-ntlm-relay-with-event-correlation
threat hunting · low
detecting-pass-the-hash-attacks
threat hunting · low
detecting-privilege-escalation-attempts
threat hunting · low
detecting-privilege-escalation-in-kubernetes-pods
container security · low
detecting-process-hollowing-technique
threat hunting · low
detecting-process-injection-techniques
malware analysis · medium
detecting-rootkit-activity
malware analysis · medium
detecting-service-account-abuse
threat hunting · low
detecting-suspicious-powershell-execution
threat hunting · low
detecting-t1055-process-injection-with-sysmon
threat hunting · low
detecting-t1548-abuse-elevation-control-mechanism
threat hunting · low
detecting-wmi-persistence
threat hunting · low
escaping-containers-to-host
container security · low
executing-active-directory-attack-simulation
penetration testing · medium
executing-red-team-engagement-planning
red teaming · high
executing-red-team-exercise
penetration testing · medium
exploiting-active-directory-certificate-services-esc1
red teaming · high
exploiting-active-directory-with-bloodhound
red teaming · high
exploiting-adcs-with-certipy
red teaming · high
exploiting-constrained-delegation-abuse
red teaming · high
exploiting-kerberoasting-with-impacket
red teaming · high
exploiting-ms17-010-eternalblue-vulnerability
red teaming · high
exploiting-nopac-cve-2021-42278-42287
red teaming · high
exploiting-sql-injection-vulnerabilities
penetration testing · medium
exploiting-zerologon-vulnerability-cve-2020-1472
red teaming · high
extracting-browser-history-artifacts
digital forensics · low
extracting-config-from-agent-tesla-rat
malware analysis · medium
extracting-iocs-from-malware-samples
malware analysis · medium
extracting-windows-event-logs-artifacts
digital forensics · low
fleet-hunting-with-velociraptor
threat hunting · low
generating-forensic-timelines-with-hayabusa
digital forensics · low
hardening-docker-containers-for-production
container security · low
hardening-docker-daemon-configuration
container security · low
hardening-linux-endpoint-with-cis-benchmark
endpoint security · low
hardening-windows-endpoint-with-cis-benchmark
endpoint security · low
hunting-evtx-with-chainsaw
threat hunting · low
hunting-for-anomalous-powershell-execution
threat hunting · low
hunting-for-beaconing-with-frequency-analysis
threat hunting · low
hunting-for-cobalt-strike-beacons
threat hunting · low
hunting-for-command-and-control-beaconing
threat hunting · low
hunting-for-data-exfiltration-indicators
threat hunting · low
hunting-for-data-staging-before-exfiltration
threat hunting · low
hunting-for-dcom-lateral-movement
threat hunting · low
hunting-for-dcsync-attacks
threat hunting · low
hunting-for-defense-evasion-via-timestomping
threat hunting · low
hunting-for-dns-based-persistence
threat hunting · low
hunting-for-dns-tunneling-with-zeek
threat hunting · low
hunting-for-domain-fronting-c2-traffic
threat hunting · low
hunting-for-lateral-movement-via-wmi
threat hunting · low
hunting-for-living-off-the-cloud-techniques
threat hunting · low
hunting-for-living-off-the-land-binaries
threat hunting · low
hunting-for-lolbins-execution-in-endpoint-logs
threat hunting · low
hunting-for-ntlm-relay-attacks
threat hunting · low
hunting-for-persistence-mechanisms-in-windows
threat hunting · low
hunting-for-persistence-via-wmi-subscriptions
threat hunting · low
hunting-for-process-injection-techniques
threat hunting · low
hunting-for-registry-persistence-mechanisms
threat hunting · low
hunting-for-registry-run-key-persistence
threat hunting · low
hunting-for-scheduled-task-persistence
threat hunting · low
hunting-for-shadow-copy-deletion
threat hunting · low
hunting-for-startup-folder-persistence
threat hunting · low
hunting-for-supply-chain-compromise
threat hunting · low
hunting-for-suspicious-scheduled-tasks
threat hunting · low
hunting-for-t1098-account-manipulation
threat hunting · low
hunting-for-unusual-network-connections
threat hunting · low
hunting-for-unusual-service-installations
threat hunting · low
hunting-for-webshell-activity
threat hunting · low
hunting-saas-sso-token-abuse
soc operations · low
implementing-alert-fatigue-reduction
soc operations · low
implementing-application-whitelisting-with-applocker
endpoint security · low
implementing-container-image-minimal-base-with-distroless
container security · low
implementing-container-network-policies-with-calico
container security · low
implementing-disk-encryption-with-bitlocker
endpoint security · low
implementing-endpoint-dlp-controls
endpoint security · low
implementing-file-integrity-monitoring-with-aide
endpoint security · low
implementing-image-provenance-verification-with-cosign
container security · low
implementing-kubernetes-network-policy-with-calico
container security · low
implementing-kubernetes-pod-security-standards
container security · low
implementing-memory-protection-with-dep-aslr
endpoint security · low
implementing-mitre-attack-coverage-mapping
soc operations · low
implementing-network-policies-for-kubernetes
container security · low
implementing-opa-gatekeeper-for-policy-enforcement
container security · low
implementing-pod-security-admission-controller
container security · low
implementing-rbac-hardening-for-kubernetes
container security · low
implementing-runtime-security-with-tetragon
container security · low
implementing-siem-use-cases-for-detection
soc operations · low
implementing-soar-automation-with-phantom
soc operations · low
implementing-soar-playbook-with-palo-alto-xsoar
soc operations · low
implementing-supply-chain-security-with-in-toto
container security · low
implementing-threat-modeling-with-mitre-attack
soc operations · low
implementing-ticketing-system-for-incidents
soc operations · low
implementing-usb-device-control-policy
endpoint security · low
investigating-insider-threat-indicators
soc operations · low
mapping-attack-paths-with-bloodhound-ce
red teaming · high
moving-laterally-with-netexec
penetration testing · medium
operating-havoc-c2
red teaming · high
operating-sliver-c2
red teaming · high
parsing-artifacts-with-eric-zimmerman-tools
digital forensics · low
performing-active-directory-bloodhound-analysis
red teaming · high
performing-active-directory-penetration-test
penetration testing · medium
performing-alert-triage-with-elastic-siem
soc operations · low
performing-automated-malware-analysis-with-cape
malware analysis · medium
performing-cloud-forensics-investigation
digital forensics · low
performing-cloud-storage-forensic-acquisition
digital forensics · low
performing-container-escape-detection
container security · low
performing-container-security-scanning-with-trivy
container security · low
performing-deception-technology-deployment
soc operations · low
performing-docker-bench-security-assessment
container security · low
performing-dynamic-analysis-with-any-run
malware analysis · medium
performing-endpoint-forensics-investigation
endpoint security · low
performing-endpoint-vulnerability-remediation
endpoint security · low
performing-external-network-penetration-test
penetration testing · medium
performing-false-positive-reduction-in-siem
soc operations · low
performing-file-carving-with-foremost
digital forensics · low
performing-firmware-malware-analysis
malware analysis · medium
performing-ioc-enrichment-automation
soc operations · low
performing-iot-security-assessment
penetration testing · medium
performing-kerberoasting-attack
red teaming · high
performing-kubernetes-cis-benchmark-with-kube-bench
container security · low
performing-kubernetes-etcd-security-assessment
container security · low
performing-kubernetes-penetration-testing
container security · low
performing-lateral-movement-detection
soc operations · low
performing-lateral-movement-with-wmiexec
red teaming · high
performing-linux-log-forensics-investigation
digital forensics · low
performing-log-analysis-for-forensic-investigation
digital forensics · low
performing-log-source-onboarding-in-siem
soc operations · low
performing-malware-persistence-investigation
digital forensics · low
performing-malware-triage-with-yara
malware analysis · medium
performing-memory-forensics-with-volatility3
digital forensics · low
performing-memory-forensics-with-volatility3-plugins
malware analysis · medium
performing-mobile-device-forensics-with-cellebrite
digital forensics · low
performing-network-forensics-with-wireshark
digital forensics · low
performing-network-packet-capture-analysis
digital forensics · low
performing-open-source-intelligence-gathering
red teaming · high
performing-physical-intrusion-assessment
red teaming · high
performing-privilege-escalation-assessment
penetration testing · medium
performing-privilege-escalation-on-linux
red teaming · high
performing-purple-team-exercise
soc operations · low
performing-soc-tabletop-exercise
soc operations · low
performing-sqlite-database-forensics
digital forensics · low
performing-static-malware-analysis-with-pe-studio
malware analysis · medium
performing-steganography-detection
digital forensics · low
performing-thick-client-application-penetration-test
penetration testing · medium
performing-threat-hunting-with-elastic-siem
soc operations · low
performing-threat-hunting-with-yara-rules
threat hunting · low
performing-timeline-reconstruction-with-plaso
digital forensics · low
performing-user-behavior-analytics
soc operations · low
performing-vulnerability-scanning-with-nessus
penetration testing · medium
performing-web-application-penetration-test
penetration testing · medium
performing-windows-artifact-analysis-with-eric-zimmerman-tools
digital forensics · low
performing-wireless-network-penetration-test
penetration testing · medium
performing-yara-rule-development-for-detection
malware analysis · medium
Phone Number Spoofing: Official Phone Number Spoofing
red teaming · high
recovering-deleted-files-with-photorec
digital forensics · low
relaying-ntlm-for-adcs-esc8
red teaming · high
Remote Access Tools
malware analysis · medium
Remote Access Tools
malware analysis · medium
reverse-engineering-android-malware-with-jadx
malware analysis · medium
reverse-engineering-dotnet-malware-with-dnspy
malware analysis · medium
reverse-engineering-malware-with-ghidra
malware analysis · medium
reverse-engineering-rust-malware
malware analysis · medium
scanning-container-images-with-grype
container security · low
scanning-docker-images-with-trivy
container security · low
scanning-kubernetes-manifests-with-kubesec
container security · low
securing-container-registry-with-harbor
container security · low
securing-helm-chart-deployments
container security · low
testing-for-xss-vulnerabilities
penetration testing · medium
Transfer of funds
malware analysis · medium
Transfer of funds
threat hunting · low
Transfer of funds
soc operations · low
triaging-security-alerts-in-splunk
soc operations · low
triaging-windows-with-kape
digital forensics · low
© 2026 Casky.AI, Inc. · AI Security Investigation