CVE-2026-2670

HIGH

Advantech WISE-6610 1.2.1 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-2670. PoCs published by XiaomingX, ali-py3.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2026-2670, demonstrating a command injection vulnerability in Advantech WISE-6610's OpenVPN configuration endpoint. The exploit leverages improper sanitization of the 'delete_file' parameter to execute arbitrary commands with root privileges.

Description

A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (3)

github WORKING POC 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-2670

This repository contains a functional Python exploit for CVE-2026-2670, demonstrating a command injection vulnerability in Advantech WISE-6610's OpenVPN configuration endpoint. The exploit leverages improper sanitization of the 'delete_file' parameter to execute arbitrary commands with root privileges.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Advantech WISE-6610
Auth required
Prerequisites: valid credentials or session cookie · network access to the target device
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC
by ali-py3 · poc
https://github.com/ali-py3/exploit-CVE-2026-2670

This repository contains a functional Python exploit for CVE-2026-2670, demonstrating a command injection vulnerability in Advantech WISE-6610 industrial cellular routers. The exploit targets the `/cgi-bin/luci/admin/openvpn_apply` endpoint, allowing authenticated attackers to execute arbitrary system commands with root privileges via the `delete_file` parameter.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Advantech WISE-6610
Auth required
Prerequisites: Valid credentials or session cookie for the Advantech WISE-6610 device · Network access to the target device
devstral-2 · analyzed Feb 21, 2026 Full analysis →
nomisec WORKING POC
by ali-py3 · poc
https://github.com/ali-py3/exploi-CVE-2026-2670

This repository contains a functional Python exploit for CVE-2026-2670, demonstrating a command injection vulnerability in Advantech WISE-6610's OpenVPN configuration deletion endpoint. The exploit includes authentication handling and command execution with root privileges.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Advantech WISE-6610
Auth required
Prerequisites: Valid credentials or session cookie · Network access to target device
devstral-2 · analyzed Feb 20, 2026 Full analysis →

References (5)

Core 5
Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.346467
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.346467
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.753293
Issue Tracking exploit issue-tracking
https://github.com/master-abc/cve/issues/37
Various Sources product
https://www.advantech.com/

Scores

CVSS v3 7.2
EPSS 0.1291
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-77 CWE-78
Status published
Products (1)
Advantech/WISE-6610 1.2.1_20251110
Published Feb 18, 2026
Tracked Since Feb 19, 2026