CVE-2026-7691 | Wavlink WL-WN570HA1 R70HA1 V1410_221110 /cgi-bin/adm.cgi set_sys_cmd command command injection

A vulnerability labeled as critical has been found in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is referenced as CVE-2026-7691. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Once again the vendors acted very professional and confirms, “that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website.”

CVE-2026-7691 | Wavlink WL-WN570HA1 R70HA1 V1410_221110 /cgi-bin/adm.cgi set_sys_cmd command command injection

Post correlati

CVE-2023-33295 | Cohesity DataProtect 6.6.0d/6.8.1 TLS Certificate Validation access control

CVE-2025-12406 | Project Honey Pot Spam Trap Plugin up to 1.0.1 on WordPress Setting printAdminPage cross-site request forgery

CVE-2025-31050 | Apptha Slider Gallery Plugin up to 2.5 on WordPress path traversal

CVE-2025-4888 | code-projects Pharmacy Management System 1.0 Add Order Details medicineType::take_order buffer overflow