CVE-2026-2548

CVSS v2.0

6.5

Medium

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WAYOS FBM-220G version 24.10.19

Description A flaw exists in WAYOS FBM-220G version 24.10.19 related to command injection. Manipulation of the arguments upnp waniface, upnp ssdp interval, and upnp max age within the sub 40F820 function of the rc file can allow for remote execution of commands. The vendor was contacted regarding this issue but did not provide a response.

Recommendations As a temporary workaround, consider restricting or disabling the use of the upnp waniface, upnp ssdp interval, and upnp max age arguments. Disable the sub 40F820 function if possible. Avoid using the rc file if it is not essential for the operation of the system.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-2548

Affected Products

Wayos Fbm-220G

CVE-2026-2548

Weakness Enumeration

Related Identifiers

Affected Products

References · 8