Is there a public PoC exploit available for CVE-2026-7691?

Yes, a public proof-of-concept exploit is available for CVE-2026-7691. Prioritise patching immediately. EPSS: 0.8%.

Wavlink WL-WN570HA1 CVE-2026-7691

Q: What is the CVSS score of CVE-2026-7691?

CVE-2026-7691 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.8%.

EUVD-2026-26830 LOW

Command Injection (CWE-77)

2026-05-03 VulDB

Command Injection

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 03, 2026 - 11:22 NVD

MEDIUM LOW

CVSS changed

May 03, 2026 - 11:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

PoC Detected

May 03, 2026 - 11:16 vuln.today

Public exploit code

Analysis Generated

May 03, 2026 - 11:00 vuln.today

EUVD ID Assigned

May 03, 2026 - 10:45 euvd

EUVD-2026-26830

Analysis Generated

May 03, 2026 - 10:45 vuln.today

CVE Published

May 03, 2026 - 10:15 nvd

LOW 2.1

DescriptionNVD

A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Command injection in Wavlink WL-WN570HA1 firmware version R70HA1 V1410_221110 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the command argument in the set_sys_cmd function of /cgi-bin/adm.cgi. The vulnerability has publicly available exploit code and affects only discontinued products no longer maintained by the vendor.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7691 vulnerability details – vuln.today

Back