PT-2026-36696 · Wavlink · Wl-Wn570Ha1

Wxhwxhwxh_Tutu

Published

2026-05-03

Updated

2026-05-03

CVE-2026-7692

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110

Description A remote command injection issue exists in the ping ddns() function within the '/cgi-bin/adm.cgi' endpoint. Manipulating the DDNS argument allows an attacker to execute arbitrary commands on the system remotely.

Recommendations For version R70HA1 V1410 221110, as the firmware has been removed from the official website and the product is no longer supported, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-7692

Affected Products

Wl-Wn570Ha1

PT-2026-36696 · Wavlink · Wl-Wn570Ha1

CVE-2026-7692

Weakness Enumeration

Related Identifiers

Affected Products

References · 8