Is there a public PoC exploit available for CVE-2026-7690?

Yes, a public proof-of-concept exploit is available for CVE-2026-7690. Prioritise patching immediately. EPSS: 0.8%.

Wavlink WL-WN570HA1 CVE-2026-7690

Q: What is the CVSS score of CVE-2026-7690?

CVE-2026-7690 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.8%.

EUVD-2026-26829 LOW

Command Injection (CWE-77)

2026-05-03 VulDB

Command Injection

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 03, 2026 - 10:45 vuln.today

Severity Changed

May 03, 2026 - 10:22 NVD

MEDIUM LOW

CVSS changed

May 03, 2026 - 10:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

PoC Detected

May 03, 2026 - 10:16 vuln.today

Public exploit code

EUVD ID Assigned

May 03, 2026 - 10:15 euvd

EUVD-2026-26829

Analysis Generated

May 03, 2026 - 10:15 vuln.today

CVE Published

May 03, 2026 - 09:45 nvd

LOW 2.1

DescriptionNVD

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Command injection in Wavlink WL-WN570HA1 firmware R70HA1 V1410_221110 allows authenticated remote attackers to execute arbitrary commands via the Username parameter in the set_sys_adm function of /cgi-bin/adm.cgi. Publicly available exploit code exists for this vulnerability affecting end-of-life hardware no longer supported by the vendor.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7690 vulnerability details – vuln.today

Back