VYPR

WL-WN578W2

by Wavlink

CVEs (10)

  • CVE-2026-4164CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.02

    A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack…

  • CVE-2025-10359HigSep 13, 2025
    risk 0.48cvss 7.3epss 0.06

    A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be…

  • CVE-2025-10358HigSep 13, 2025
    risk 0.48cvss 7.3epss 0.06

    A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-10324HigSep 12, 2025
    risk 0.48cvss 7.3epss 0.08

    A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is…

  • CVE-2025-10323HigSep 12, 2025
    risk 0.48cvss 7.3epss 0.08

    A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made…

  • CVE-2026-4543MedMar 22, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible…

  • CVE-2025-10325MedSep 12, 2025
    risk 0.41cvss 6.3epss 0.07

    A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly…

  • CVE-2025-10322MedSep 12, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to weak password recovery. The attack is possible to be carried out remotely. The exploit…

  • CVE-2025-10321MedSep 12, 2025
    risk 0.34cvss 5.3epss 0.00

    A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was…

  • CVE-2026-4544LowMar 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. It is…