CVE-2026-4164 Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...

PT-2026-8302

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A command injection issue exists in the function Delete Mac list of the file /cgi-bin/wireless.cgi. Manipulation of the delete list argument can lead to command injection. Remote...

PT-2025-37366

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A security issue has been identified in Wavlink WL-WN578W2. Manipulation of the delete list argument in the /cgi-bin/wireless.cgi file’s sub 404850 function can lead to operating system command...

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...