CVE-2026-7690 Wavlink WL-WN570HA1 adm.cgi set_sys_adm command injection

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410221110. This issue affects the function setsysadm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

PT-2026-36694

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists that allows remote attackers to execute arbitrary commands. The flaw is located in the set sys adm function within the '/cgi-bin/adm.cgi' endpoint,...

CVE-2025-50757

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2024-48705

Wavlink AC1200 with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper santization ...

CVE-2025-50757

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-50757

Wavlink WN535K3 (version 20191010) is affected by a command-injection vulnerability in the set_sys_adm function triggered via the username parameter. The flaw enables attackers to execute arbitrary commands through a crafted request. CVSSv3.1 base score is 6.5 (Network, Low attack complexity, No ...

PT-2025-35571

Name of the Vulnerable Software and Affected Versions: Wavlink WN535K3 version 20191010 Description: A command injection vulnerability exists in the set sys adm function of the Wavlink WN535K3 router. The vulnerability is triggered through manipulation of the username parameter, allowing attacker...

CVE-2025-9358

CVE-2025-9358 affects Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 (firmware ranges listed in sources). The root cause is a stack-based buffer overflow in the setSysAdm function located in /goform/setSysAdm, triggered by manipulation of the admpasshint argument. This allows remote ex...

CVE-2025-50756

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

WAVLINK WN535K3 安全漏洞

WAVLINK WN535K3 is a wireless router from China Ruiyin WAVLINK. A security vulnerability exists in WAVLINK WN535K3 version 20191010, which originates from a command injection in the newpass parameter of the setsysadm function, which could lead to the execution of arbitrary commands...

PT-2025-2561 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A buffer overflow vulnerability exists in the set sys adm function of adm.cgi. This issue can be triggered by a specially crafted HTTP request, leading to a stack-based buffer overflow. A...

WAVLINK WL-WNJ575A3 命令注入漏洞

WAVLINK WL-WNJ575A3 is a wireless network signal extender from China RuiYin Technology WAVLINK. The WAVLINK WL-WNJ575A3 suffers from a command injection vulnerability that originates from an application failing to properly filter construct command special characters, commands, etc. The...