CVE-2026-7690 | Wavlink WL-WN570HA1 R70HA1 V1410_221110 /cgi-bin/adm.cgi set_sys_adm Username command injection

A vulnerability identified as critical has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. This vulnerability only affects products that are no longer supported by the maintainer.

The identification of this vulnerability is CVE-2026-7690. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Once again the vendors acted very professional and confirms, “that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website.”VulDB Recent EntriesRead More