PT-2026-25538 · Wavlink · Wl-Wn578W2

Ltzhust

Published

2026-03-14

Updated

2026-03-16

CVE-2026-4164

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN578W2 221110 (affected versions not specified)

Description A flaw exists in the Wavlink WL-WN578W2 221110 device. The issue impacts the Delete Mac list/SetName/GuestWifi function within the /cgi-bin/wireless.cgi file, part of the POST Request Handler component. A manipulation of this component can lead to command injection, and the attack can be launched remotely. The exploit for this issue has been published.

Recommendations Upgrade the affected component.

Exploit

Fix

RCE

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

BDU:2026-05169

CVE-2026-4164

Affected Products

Wl-Wn578W2

PT-2026-25538 · Wavlink · Wl-Wn578W2

CVE-2026-4164

Weakness Enumeration

Related Identifiers

Affected Products

References · 19