Description
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component.
References (8)
Core 8
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.351071
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.351071
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.768292
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.768293
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.768294
Third Party Advisory related
https://github.com/Litengzheng/vul_db/blob/main/WL-WN578W2/vul_1/README.md
Third Party Advisory exploit
https://github.com/Litengzheng/vul_db/blob/main/WL-WN578W2/vul_2/README.md
Scores
CVSS v3
9.8
EPSS
0.0206
EPSS Percentile
78.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-74
CWE-77
Status
published
Products (1)
Wavlink/WL-WN578W2
221110
Published
Mar 16, 2026
Tracked Since
Mar 16, 2026