CVE-2026-4543 | Wavlink WL-WN578W2 221110 POST Request /cgi-bin/firewall.cgi dmz_flag/del_flag command injection

Inserito da Angelo Barbosa | Mar 21, 2026 | CVE

A vulnerability was found in Wavlink WL-WN578W2 221110. It has been rated as critical. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection.

This vulnerability is cataloged as CVE-2026-4543. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4543 | Wavlink WL-WN578W2 221110 POST Request /cgi-bin/firewall.cgi dmz_flag/del_flag command injection

Post correlati

CVE-2024-26648 | Linux Kernel up to 6.6.14/6.7.2 display edp_setup_replay null pointer dereference (22ae604aea14/c02d257c6541/7073934f5d73)

CVE-2023-3443 | GitLab prior 16.4.3/16.5.3/16.6.1 Confidential Work Item access control

CVE-2024-50207 | Linux Kernel up to 6.11.5 ring-buffer ring_buffer_subbuf_order_set buffer overflow (a569290525a0/09661f75e75c)

CVE-2025-25302 | danielgatis rembg up to 2.0.57 origin validation (GHSL-2024-161)