CVE-2026-2670 - Vulnerability Details

- Advantech WISE-6610 Background Management openvpn_apply os command injection

Description

A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-02-18

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability was found in Advantech WISE‑6610 version 1.2.1_20251110 that allows remote attackers to inject arbitrary operating‑system commands. An attacker can manipulate the delete_file argument of the /cgi-bin/luci/admin/openvpn_apply CGI script to execute arbitrary commands on the device. This type of vector can compromise the confidentiality, integrity, and availability of the device and any connected networks.

Affected Systems

Advantech WISE‑6610 devices running firmware version 1.2.1_20251110 are affected. The vulnerability resides in the Background Management component, specifically the openvpn_apply CGI script located at /cgi-bin/luci/admin.

Risk and Exploitability

The CVSS base score of 8.6 places the vulnerability in the High severity range, and the EPSS score of less than 1 % indicates that exploitation is currently expected to be rare, though the public exploit makes it possible. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely by sending a crafted HTTP request to the vulnerable script. No local privilege escalation is required; the flaw can be triggered by any external network user with access to the device’s web interface. If exploited, the attacker could run arbitrary commands, potentially taking full control of the device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Advantech

WISE-6610

affected

Version	Status	Constraints
`1.2.1_20251110`	affected	—

No data.

Vendor Product Confidence Versions

Advantech

Wise-6610

100%

Version	Status	Scheme	Platform
`1.2.1_20251110`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware update that addresses the command injection issue in the openvpn_apply endpoint.
Restrict access to the /cgi-bin/luci/admin/openvpn_apply URL to trusted networks or devices by configuring firewall rules or network ACLs.
If a patch is not yet available, implement strict input validation on the delete_file parameter to prevent malformed command strings.
Monitor web server logs for anomalous delete_file values and block offending traffic.

Generated by OpenCVE AI on April 17, 2026 at 18:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/master-abc/cve/issues/37
https://vuldb.com/?ctiid.346467
https://vuldb.com/?id.346467
https://vuldb.com/?submit.753293
https://www.advantech.com/

History

Fri, 20 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 19 Feb 2026 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Advantech Advantech wise-6610
Vendors & Products		Advantech Advantech wise-6610

Wed, 18 Feb 2026 21:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Advantech WISE-6610 Background Management openvpn_apply os command injection
Weaknesses		CWE-77 CWE-78
References		https://github.com/master-abc/cve/issues/37 https://vuldb.com/?ctiid.346467 https://vuldb.com/?id.346467 https://vuldb.com/?submit.753293 https://www.advantech.com/
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Advantech Wise-6610

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-18T21:02:08.426Z

Updated: 2026-02-23T10:25:15.372Z

Reserved: 2026-02-18T09:16:43.848Z

Link: CVE-2026-2670

Vulnrichment

Updated: 2026-02-20T19:32:43.252Z

NVD

Status : Deferred

Published: 2026-02-18T22:16:27.360

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2670

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:30:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object