CVE-2026-7692

Exploit

EPSS 3.19%
Veröffentlicht 03.05.2026 11:16:13
Zuletzt bearbeitet 07.05.2026 01:46:34
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Wavlink WL-WN570HA1 adm.cgi ping_ddns command injection

A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wavlink ≫ Wl-wn570ha1 Firmware Versionr70ha1_v1410_221110

Wavlink ≫ Wl-wn570ha1 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.19%	0.864

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://lavender-bicycle-a5a.notion.site/Wavlink-WN570HA1-ping_ddns-34753a41781f80c0a6c6c1b09b7cdf1c?source=copy_link

Third Party Advisory

Exploit

https://vuldb.com/submit/807807

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/360862

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/360862/cti

VDB Entry

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-7692

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-7692

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-7692

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-7692