Is Command Injection affected by EUVD-2026-12204?

A critical remote code execution vulnerability affects Wavlink WL-WN578W2 wireless devices with a published exploit actively available. Any organization using this device model faces immediate risk of unauthorized system access and network compromise without remediation.

EUVD-2026-12204

| CVE-2026-4164 CRITICAL

2026-03-15 VulDB

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

Analysis Generated

Mar 15, 2026 - 04:00 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 04:00 euvd

EUVD-2026-12204

Patch Released

Mar 15, 2026 - 04:00 nvd

Patch available

CVE Published

Mar 15, 2026 - 03:02 nvd

CRITICAL 9.8

Description

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component.

Analysis

Critical command injection vulnerability in Wavlink WL-WN578W2 wireless routers (firmware version 221110) that allows unauthenticated remote attackers to execute arbitrary commands via specially crafted POST requests to multiple functions in the wireless.cgi script. A public proof-of-concept exploit is available on GitHub, and the vendor has released a patch, making this a high-priority issue for immediate remediation despite no current KEV listing.

Remediation

Within 24 hours: Inventory all Wavlink WL-WN578W2 devices across the organization and isolate affected units from production networks if possible. Within 7 days: Apply the available vendor patch to all identified devices and verify successful deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +49

POC: +20

EUVD-2026-12204 vulnerability details – vuln.today

Back

EUVD-2026-12204

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12204

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code