Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
Command injection in Wavlink WL-WN570HA1 firmware version R70HA1 V1410_221110 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the command argument in the set_sys_cmd function of /cgi-bin/adm.cgi. The vulnerability has publicly available exploit code and affects only discontinued products no longer maintained by the vendor.
Technical ContextAI
The vulnerability exists in the CGI script /cgi-bin/adm.cgi on Wavlink WL-WN570HA1 wireless networking devices. The set_sys_cmd function fails to properly sanitize or validate the command parameter before passing it to system execution routines, enabling CWE-77 (Improper Neutralization of Special Elements used in a Command). This is a classic command injection flaw where untrusted user input is directly concatenated into shell commands without escaping or validation. The attack vector is network-based, targeting the web administration interface of the router.
RemediationAI
No vendor-released patch is available for this discontinued product. The vendor has confirmed the affected firmware version R70HA1 V1410_221110 is no longer supported. Primary remediation requires hardware replacement with a current Wavlink model or alternative vendor equipment. If replacement is not immediately feasible, implement compensating controls: restrict network access to /cgi-bin/adm.cgi to trusted administrative IP ranges using firewall rules, disable remote web management and access the device only via local network when necessary, change default administrative credentials if not already customized, and isolate affected devices on a segmented network with minimal trust relationships to critical systems. These controls reduce but do not eliminate risk; complete hardware replacement is the only permanent solution.
More in Wl Wn570Ha1
View allSame weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26830