Wavlink WL-WN578W2 firmware contains a command injection vulnerability in the Delete_Mac_list/SetName/GuestWifi functions, enabling remote attackers t...
Description
Wavlink WL-WN578W2 firmware contains a command injection vulnerability in the Delete_Mac_list/SetName/GuestWifi functions, enabling remote attackers to execute arbitrary commands.
AI Analyst Comment
Remediation
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Wavlink
PRODUCT: WL-WN578W2
AFFECTED_VERSIONS: 221110
---END_METADATA---
Description Summary:
Wavlink WL-WN578W2 firmware contains a command injection vulnerability in the Delete_Mac_list/SetName/GuestWifi functions, enabling remote attackers to execute arbitrary commands.
Executive Summary:
A critical command injection vulnerability in Wavlink WL-WN578W2 devices allows remote attackers to execute arbitrary code and fully compromise the network hardware.
Vulnerability Details
CVE-ID: CVE-2026-4164
Affected Software: Wavlink WL-WN578W2
Affected Versions: 221110
Vulnerability: The flaw resides in the POST request handler for
/cgi-bin/wireless.cgi, specifically affecting theDelete_Mac_list,SetName, andGuestWififunctions. Attackers can inject malicious commands through these parameters without requiring local access.Business Impact
This vulnerability leads to total device compromise, allowing attackers to monitor unencrypted traffic and redirect users to malicious sites. With a CVSS score of 9.8, the risk is Critical, as these devices often serve as the primary security barrier for small office and home networks.
Remediation Plan
Immediate Action: Immediately install the latest firmware update provided by Wavlink to patch the vulnerable CGI components.
Proactive Monitoring: Audit the device for any unfamiliar MAC addresses in the allowed list or unauthorized Guest Wi-Fi accounts.
Compensating Controls: Implement strict firewall rules to prevent access to the router's web management interface from external networks.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of March 16, 2026, the exploit for this vulnerability has been published. The availability of public exploit code makes it highly likely that automated scans are currently targeting these devices.
Analyst Recommendation
The presence of a public exploit and the Critical severity of the flaw necessitate immediate action. Update the firmware now. If an update is not available, the device should be taken offline or replaced to prevent it from becoming a bridgehead for attackers.