Description
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-16
Score: 5.3 Medium
EPSS: 1.5% Low
KEV: No
Impact: Command injection that can lead to remote code execution
Action: Apply patch
AI Analysis

Impact

This vulnerability is caused by improper input handling in the sub_40F820 routine of the rc binary in FBM-220G firmware 24.10.19. The routine takes the configuration values upnp_waniface, upnp_ssdp_interval and upnp_max_age and, according to the advisory, does not neutralize shell metacharacters in them before they reach a command, so a crafted value can inject additional shell commands that run on the device. The advisory classifies the weakness as CWE-77 (Improper Neutralization of Special Elements used in a Command, 'Command Injection') under the broader CWE-74 (Injection). The attack is remote, but every recorded CVSS vector requires low privileges (PR:L in v3/v4, Au:S in v2), i.e. an attacker who can already set these values through the device's configuration interface. The advisory does not publish the exact data flow from the network request to sub_40F820.
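The flaw class described above, as an added example and not code from the FBM-220G firmware: a hypothetical routine that formats the three UPnP settings into a shell command string (the pattern that produces command injection) beside a hardened version that validates each value against a strict allowlist and hands the program an argv so no shell parses the values. The function names, the "upnpd" command line and its flags, the bounds on the numeric settings, and the sample inputs are all assumptions; the real disassembled code of sub_40F820 is not published on this page.

```c
/* Added example, not the vendor's code. Models the injection pattern and a
 * hardened alternative. Command name, flags and bounds are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern: attacker-controlled settings are pasted into a shell
 * command string. Returns the string system() would receive; the example
 * never executes it. */
int build_upnp_cmd_unsafe(char *out, size_t outlen, const char *waniface,
                          const char *ssdp_interval, const char *max_age)
{
    int n = snprintf(out, outlen, "upnpd -i %s -t %s -m %s",
                     waniface, ssdp_interval, max_age);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* True if the built command contains any character a shell would interpret;
 * shows what the unsafe path produces from a tampered value. */
int cmd_has_shell_metachar(const char *cmd)
{
    return strpbrk(cmd, ";|&`$()<>\n\"'\\") != NULL;
}

/* Allowlist for interface names: alphanumerics plus . _ -, at most 15 chars
 * (IFNAMSIZ-1 on Linux). Everything else is rejected, not escaped. */
int valid_ifname(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 15)
        return 0;
    for (; *s; s++)
        if (!(isalnum((unsigned char)*s) || *s == '.' || *s == '_' || *s == '-'))
            return 0;
    return 1;
}

/* Numeric settings must be plain decimal integers within [lo, hi]; any
 * trailing characters (e.g. ";id") fail the check. */
int valid_uint_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;
    if (*s == '\0' || !isdigit((unsigned char)*s))
        return 0;
    v = strtol(s, &end, 10);
    if (*end != '\0' || v < lo || v > hi)
        return 0;
    if (out)
        *out = v;
    return 1;
}

/* Hardened pattern: validate, then build an argv for execve()/posix_spawn()
 * so the values are passed as arguments, never through a shell.
 * Returns the argv count (7) on success or -1 if any value is rejected. */
int build_upnp_argv_safe(const char *argv[], size_t max, const char *waniface,
                         const char *ssdp_interval, const char *max_age)
{
    if (max < 8 || !valid_ifname(waniface))
        return -1;
    if (!valid_uint_range(ssdp_interval, 1, 86400, NULL))   /* assumed bounds */
        return -1;
    if (!valid_uint_range(max_age, 1, 86400, NULL))
        return -1;
    argv[0] = "upnpd"; argv[1] = "-i"; argv[2] = waniface;
    argv[3] = "-t";    argv[4] = ssdp_interval;
    argv[5] = "-m";    argv[6] = max_age; argv[7] = NULL;
    return 7;
}

int main(void)
{
    char cmd[256];
    const char *argv[8];
    /* Constructed sample inputs: a benign interface name and one carrying an
     * injected command separator. */
    const char *benign = "eth0";
    const char *tampered = "eth0;id";

    build_upnp_cmd_unsafe(cmd, sizeof cmd, tampered, "30", "1800");
    printf("unsafe command: %s  (metachar=%d)\n", cmd, cmd_has_shell_metachar(cmd));
    printf("safe argv, benign value:   %d\n",
           build_upnp_argv_safe(argv, 8, benign, "30", "1800"));
    printf("safe argv, tampered value: %d\n",
           build_upnp_argv_safe(argv, 8, tampered, "30", "1800"));
    return 0;
}
```

The hardened path rejects rather than escapes: an interface name or integer setting has a small, well-defined shape, so anything outside it is an error, and passing the checked values as separate argv entries removes the shell from the path entirely. The same validators can be run over a device's stored UPnP settings to detect values that have already been tampered with.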

Affected Systems

The affected product is the WAYOS FBM-220G. Firmware version 24.10.19 is the only version the advisory names as containing the vulnerable sub_40F820 routine; whether earlier or later builds are affected is not stated.

Risk and Exploitability

The CVSS v4.0 base score of 5.3 (v3.1: 6.3) indicates moderate severity; the score is held down by the low-privilege requirement and the partial (L/L/L) confidentiality, integrity and availability ratings, not by any limit on what an injected command can do. The EPSS score of 1.5% is low, and the SSVC assessment records an exploitation status of 'poc' with 'Automatable: no'. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack is network-reachable, but the advisory names only the function and the affected configuration parameters, not the endpoint through which they are set, so the exposure is whatever interface lets a low-privileged user change the device's UPnP settings (typically the management interface). Because injected commands run with the privileges of the rc process on the device, the realistic impact ranges from service disruption to full device compromise and use of the device as a foothold into the networks it connects. The absence of any vendor response recorded in the advisory further increases the risk for current deployments.

Generated by OpenCVE AI on April 17, 2026 at 19:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a firmware update from WAYOS that corrects the handling in sub_40F820 if and when one is released; none was available at the time of the advisory.
  • Disable UPnP on the device where it is not needed, restrict who can reach the interface used to set upnp_waniface, upnp_ssdp_interval and upnp_max_age, and check those stored values for shell metacharacters if tampering is suspected.
  • Segment the network and firewall the device so its management interface is not reachable from untrusted networks, and monitor for anomalous UPnP or configuration-change activity.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 18:15:00 +0000

Metrics (values added): ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Feb 2026 12:15:00 +0000

First Time appeared (values added): Wayos; Wayos fbm-220g
Vendors & Products (values added): Wayos; Wayos fbm-220g

Mon, 16 Feb 2026 09:15:00 +0000

Description (values added): A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Title (values added): WAYOS FBM-220G rc sub_40F820 command injection
Weaknesses (values added): CWE-74; CWE-77
References (values added):
Metrics (values added):

cvssV2_0
{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0
{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1
{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0
{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:07:54.559Z

Reserved: 2026-02-15T16:03:56.796Z

Link: CVE-2026-2548

Vulnrichment

Updated: 2026-02-17T16:57:24.829Z

NVD

Status: Deferred

Published: 2026-02-16T09:16:08.853

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2548

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:15:26Z

Weaknesses