PT-2026-25538 · Wavlink · Wl-Wn578W2

Ltzhust

Publicado

2026-03-14

Atualizado

2026-03-16

CVE-2026-4164

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN578W2 221110 (affected versions not specified)

Description A flaw exists in the Wavlink WL-WN578W2 221110 device. The issue impacts the Delete Mac list/SetName/GuestWifi function within the /cgi-bin/wireless.cgi file, part of the POST Request Handler component. A manipulation of this component can lead to command injection, and the attack can be launched remotely. The exploit for this issue has been published.

Recommendations Upgrade the affected component.

Exploit

Correção

RCE

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

BDU:2026-05169

CVE-2026-4164

Produtos afetados

Wl-Wn578W2

PT-2026-25538 · Wavlink · Wl-Wn578W2

CVE-2026-4164

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19