Medium severity6.3NVD Advisory· Published May 3, 2026· Updated May 7, 2026
CVE-2026-7690
CVE-2026-7690
Description
A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.
Affected products
1- cpe:2.3:o:wavlink:wl-wn570ha1_firmware:r70ha1_v1410_221110:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lavender-bicycle-a5a.notion.site/Wavlink-WN570HA1-set_sys_adm-34753a41781f809d8043f0a7a3e07e50nvdExploitThird Party Advisory
- vuldb.com/submit/807805nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/360860nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/360860/ctinvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.