Description
A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-03
Score: 5.3 Medium
EPSS: 3.2% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection vulnerability exists in the set_sys_cmd function of /cgi-bin/adm.cgi on the Wavlink WL‑WN570HA1 router. Unsanitized command arguments are passed directly to the underlying shell, allowing an attacker to execute arbitrary commands. This results in remote command execution. Based on the nature of the vulnerability, the attacker could potentially alter the device’s configuration, access or exfiltrate data, or disrupt the device’s operation, thereby impacting confidentiality, integrity, and availability.

Affected Systems

The flaw targets the Wavlink WL‑WN570HA1 router running firmware version R70HA1 V1410_221110. This particular firmware revision has been removed from the vendor’s website and is no longer supported, so no official patch is available.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. With an EPSS score of 3%, the likelihood of exploitation is considered low to moderate, and the issue is not cataloged in CISA KEV. The attack vector is remote, most likely achieved by sending crafted HTTP requests to the administration interface, and could be exploited until the device is replaced or isolated.

Generated by OpenCVE AI on June 18, 2026 at 08:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the router with a supported model that receives security updates.
  • Isolate the device on a separate network segment and block external access to its administrative interface.
  • Disable or remove the web administration interface (/cgi-bin/adm.cgi) to prevent remote exploitation.
  • Periodically check the vendor’s website for any firmware updates or advisories, even though no patch is currently available.

Generated by OpenCVE AI on June 18, 2026 at 08:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink wl-wn570ha1 Firmware
CPEs cpe:2.3:h:wavlink:wl-wn570ha1:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn570ha1_firmware:r70ha1_v1410_221110:*:*:*:*:*:*:*
Vendors & Products Wavlink wl-wn570ha1 Firmware

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 03 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-wn570ha1
Vendors & Products Wavlink
Wavlink wl-wn570ha1

Sun, 03 May 2026 10:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.
Title Wavlink WL-WN570HA1 adm.cgi set_sys_cmd command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Wavlink Wl-wn570ha1 Wl-wn570ha1 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T13:02:51.934Z

Reserved: 2026-05-02T16:33:35.460Z

Link: CVE-2026-7691

cve-icon Vulnrichment

Updated: 2026-05-04T13:02:47.848Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-03T11:16:13.263

Modified: 2026-06-17T11:02:48.430

Link: CVE-2026-7691

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T08:45:03Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')