CVE-2026-4544 | Wavlink WL-WN578W2 221110 POST Request /cgi-bin/login.cgi homepage/hostname/login_page cross site scripting

A vulnerability categorized as problematic has been discovered in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting.

This vulnerability is registered as CVE-2026-4544. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4544 | Wavlink WL-WN578W2 221110 POST Request /cgi-bin/login.cgi homepage/hostname/login_page cross site scripting

Post correlati

CVE-2024-12564 | Open Design Alliance CDE inWEB SDK prior 2025.3 Setting information disclosure

CVE-2025-58133 | Zoom Rooms up to 6.5.0 improper authentication

CVE-2026-32255 | kanbn kan up to 0.5.4 Attachment Download Endpoint attatchment fetch server-side request forgery (GHSA-qrx8-9hc6-jvqg)

CVE-2023-6200 | Linux Kernel up to 6.7-rc6 ICMPv6 Router Advertisement Packet race condition