CVE-2026-4543— Wavlink WL-WN578W2 POST Request firewall.cgi command injection

CVSS 6.3 · Medium EPSS 0.66% · P71 Updated Mar 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-4543

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Wavlink WL-WN578W2 POST Request firewall.cgi command injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

在命令中使用的特殊元素转义处理不恰当(命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Wavlink WL-WN578W2 命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Wavlink WL-WN578W2是中国睿因（Wavlink）公司的一款无线中继器。 Wavlink WL-WN578W2 221110版本存在命令注入漏洞，该漏洞源于对POST请求处理组件中文件/cgi-bin/firewall.cgi的参数dmz_flag/del_flag的错误操作，可能导致命令注入。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Wavlink	WL-WN578W2	221110	`cpe:2.3:o:wavlink:wl-wn578w2_firmware::::::::`

II. Public POCs for CVE-2026-4543

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-4543

Please Login to view more intelligence information

vul_db/WL-WN578W2/vul_4/README.md at main · Litengzheng/vul_db · GitHubrelated
vul_db/WL-WN578W2/vul_5/README.md at main · Litengzheng/vul_db · GitHubexploit
Submit #774690: Wavlink WL-WN578W2 V221110 Command Injectionthird-party-advisory
Submit #774691: Wavlink WL-WN578W2 V221110 Command Injectionthird-party-advisory
CVE-2026-4543 Wavlink WL-WN578W2 POST Request firewall.cgi command injectionvdb-entrytechnical-description
https://nvd.nist.gov/vuln/detail/CVE-2026-4543

IV. Related Vulnerabilities

Same product: WL-WN578W2

Same vendor: Wavlink

Same weakness: CWE-77

V. Comments for CVE-2026-4543

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-4543— Wavlink WL-WN578W2 POST Request firewall.cgi command injection

I. Basic Information for CVE-2026-4543

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-4543

III. Intelligence Information for CVE-2026-4543

IV. Related Vulnerabilities

V. Comments for CVE-2026-4543

Leave a comment