10 matches found
CVE-2026-4544 Wavlink WL-WN578W2 POST Request login.cgi cross site scripting
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/loginpage can lead to cross site scripting. It is possible to launch the...
CVE-2026-4164 Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...
CVE-2025-10323
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub409184 of the file /wizardrep.shtml. The manipulation of the argument selEncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made public and could be...
CVE-2025-10321
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liveonline.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...
CVE-2025-10359
A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...
CVE-2025-10358
A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...
CVE-2025-10325
A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
CVE-2025-10325 Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection
A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
CVE-2025-10324 Wavlink WL-WN578W2 firewall.cgi sub_401C5C command injection
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initia...
CVE-2025-10322
The CVE-2025-10322 entry concerns Wavlink WL-WN578W2 (firmware 221110). A flaw in /sysinit.html allows manipulation of the newpass/confpass parameter due to improper privilege handling, enabling weak password recovery. Exploitation is described as remote and publicly disclosed, with PoC activity ...