ID

VAR-202603-2391


CVE

CVE-2026-4543


TITLE

WAVLINK of WL-WN578W2  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013852

DESCRIPTION

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Also, some of the information handled by the software may be rewritten. Furthermore, some of the software may stop functioning. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-4543 // JVNDB: JVNDB-2026-013852

AFFECTED PRODUCTS

vendor:wavlinkmodel:wl-wn578w2scope:eqversion:221110

Trust: 1.0

vendor:wavlinkmodel:wl-wn578w2scope:eqversion:wl-wn578w2 firmware 221110

Trust: 0.8

vendor:wavlinkmodel:wl-wn578w2scope:eqversion: -

Trust: 0.8

vendor:wavlinkmodel:wl-wn578w2scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013852 // NVD: CVE-2026-4543

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-4543
value: LOW

Trust: 1.0

OTHER: JVNDB-2026-013852
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2026-4543
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013852
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-4543
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-013852
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013852 // NVD: CVE-2026-4543

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013852 // NVD: CVE-2026-4543

PATCH

title:httpsurl:https://github.com/Litengzheng/vul_db/blob/main/WL-WN578W2/vul_4/README.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013852

EXTERNAL IDS

db:NVDid:CVE-2026-4543

Trust: 2.6

db:VULDBid:352360

Trust: 1.0

db:JVNDBid:JVNDB-2026-013852

Trust: 0.8

sources: JVNDB: JVNDB-2026-013852 // NVD: CVE-2026-4543

REFERENCES

url:https://vuldb.com/?submit.774690

Trust: 1.0

url:https://vuldb.com/?submit.774691

Trust: 1.0

url:https://github.com/litengzheng/vul_db/blob/main/wl-wn578w2/vul_4/readme.md

Trust: 1.0

url:https://vuldb.com/?ctiid.352360

Trust: 1.0

url:https://github.com/litengzheng/vul_db/blob/main/wl-wn578w2/vul_5/readme.md

Trust: 1.0

url:https://vuldb.com/?id.352360

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-4543

Trust: 0.8

sources: JVNDB: JVNDB-2026-013852 // NVD: CVE-2026-4543

SOURCES

db:JVNDBid:JVNDB-2026-013852
db:NVDid:CVE-2026-4543

LAST UPDATE DATE

2026-06-19T23:43:38.607000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013852date:2026-05-01T01:45:00
db:NVDid:CVE-2026-4543date:2026-04-30T16:33:07.570

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013852date:2026-05-01T00:00:00
db:NVDid:CVE-2026-4543date:2026-03-22T10:16:07.200