CVE-2026-2670

HIGH

Advantech WISE-6610 1.2.1 - Command Injection

Title source: llm

Description

A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (3)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-2670

View Code ZIP pw:eip

nomisec WORKING POC

by ali-py3 · poc

https://github.com/ali-py3/exploi-CVE-2026-2670

View Code ZIP pw:eip

nomisec WORKING POC

by ali-py3 · poc

https://github.com/ali-py3/exploit-CVE-2026-2670

View Code ZIP pw:eip

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.346467

[Permissions Required, VDB Entry] https://vuldb.com/?id.346467

[Permissions Required, VDB Entry] https://vuldb.com/?submit.753293

[Various Sources] https://www.advantech.com/

[Issue Tracking] https://github.com/master-abc/cve/issues/37

Scores

CVSS v3 7.2

EPSS 0.0017

EPSS Percentile 38.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-77 CWE-78

Status draft

Timeline

Published Feb 18, 2026

Tracked Since Feb 19, 2026