Medium severity6.3NVD Advisory· Published May 3, 2026· Updated May 7, 2026
CVE-2026-7691
CVE-2026-7691
Description
A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.
Affected products
1- cpe:2.3:o:wavlink:wl-wn570ha1_firmware:r70ha1_v1410_221110:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lavender-bicycle-a5a.notion.site/Wavlink-WN570HA1-set_sys_cmd-34753a41781f80ab88a1d95d4f798d1fnvdExploitThird Party Advisory
- vuldb.com/submit/807806nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/360861nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/360861/ctinvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.