CVE-2026-4543

LOW EPSS 87.3%

Published Mar 22, 20263mo ago · Modified Jun 17, 20261w ago

2.1 CVSS 4.0

Low

Published Mar 22, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

2.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

87.3% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-74

CWE-77 Command Injection Injection

Affected Products 2

Vendor	Product	Version	Range
wavlink	wl-wn578w2_firmware	221110	any
wavlink	wl-wn578w2	*	any

References 6

github.com https://github.com/Litengzheng/vul_db/blob/main/WL-WN578W2/vul_4/README.md

ExploitThird Party Advisory
github.com https://github.com/Litengzheng/vul_db/blob/main/WL-WN578W2/vul_5/README.md

ExploitThird Party Advisory
vuldb.com https://vuldb.com/?ctiid.352360

Permissions RequiredVDB Entry
vuldb.com https://vuldb.com/?id.352360

Third Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.774690

Third Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.774691

Third Party AdvisoryVDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.