Wl Wn530H4
Monthly
OS command injection in Wavlink WL-WN530H4 router's internet.cgi endpoint allows authenticated attackers with high privileges to execute arbitrary system commands remotely. The vulnerability, affecting firmware version 20220721, resides in unsafe use of strcat/snprintf functions handling user input. Public exploit code exists (EPSS risk elevated by POC availability), though exploitation requires administrative credentials (PR:H), limiting automated mass exploitation. Vendor-released firmware patch 2026.04.16 available.
OS command injection in Wavlink WL-WN530H4 router's internet.cgi endpoint allows authenticated attackers with high privileges to execute arbitrary system commands remotely. The vulnerability, affecting firmware version 20220721, resides in unsafe use of strcat/snprintf functions handling user input. Public exploit code exists (EPSS risk elevated by POC availability), though exploitation requires administrative credentials (PR:H), limiting automated mass exploitation. Vendor-released firmware patch 2026.04.16 available.