CVE-2026-4543

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN578W2 version 221110

Description A command injection issue exists in the POST Request Handler component of Wavlink WL-WN578W2 version 221110. The issue is located in the /cgi-bin/firewall.cgi file. Manipulation of the dmz flag/del flag argument can lead to command injection. The attack can be initiated remotely. The exploit has been made public. The vendor was contacted but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-4543

Affected Products

Wavlink Wl-Wn578W2

CVE-2026-4543

Weakness Enumeration

Related Identifiers

Affected Products

References · 10