CVE-2026-4164 | Wavlink WL-WN578W2 221110 POST Request /cgi-bin/wireless.cgi Delete_Mac_list/SetName/GuestWifi command injection

Inserito da Angelo Barbosa | Mar 14, 2026 | CVE

A vulnerability was found in Wavlink WL-WN578W2 221110. It has been declared as critical. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection.

This vulnerability is registered as CVE-2026-4164. It is possible to launch the attack remotely. Furthermore, an exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-4164 | Wavlink WL-WN578W2 221110 POST Request /cgi-bin/wireless.cgi Delete_Mac_list/SetName/GuestWifi command injection

Post correlati

CVE-2025-4568 | Trol InterMedia 2ClickPortal up to 7.14.2 changes__reference_id sql injection

CVE-2022-50179 | Linux Kernel up to 5.19.1 ath9k ath9k_hif_usb_rx_cb initialization

CVE-2024-11921 | GiveWP Plugin up to 3.18.x on WordPress cross site scripting

CVE-2024-38716 | Blue Plugins Events Calendar for Google Plugin up to 2.1.0 on WordPress path traversal