ID

VAR-202603-2502


CVE

CVE-2026-4544


TITLE

WAVLINK of WL-WN578W2  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013851

DESCRIPTION

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. The exploitation method for this vulnerability has already been published and may be used. We reported this vulnerability to the vendor early on, but they did not take action.Some of the information handled by the software may be leaked to the outside. Also, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability may affect other software

Trust: 1.62

sources: NVD: CVE-2026-4544 // JVNDB: JVNDB-2026-013851

AFFECTED PRODUCTS

vendor:wavlinkmodel:wl-wn578w2scope:eqversion:221110

Trust: 1.0

vendor:wavlinkmodel:wl-wn578w2scope:eqversion:wl-wn578w2 firmware 221110

Trust: 0.8

vendor:wavlinkmodel:wl-wn578w2scope:eqversion: -

Trust: 0.8

vendor:wavlinkmodel:wl-wn578w2scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013851 // NVD: CVE-2026-4544

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-4544
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-4544
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2026-013851
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2026-4544
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013851
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-4544
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-4544
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-013851
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013851 // NVD: CVE-2026-4544 // NVD: CVE-2026-4544

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:CWE-94

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

problemtype: Code injection (CWE-94) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013851 // NVD: CVE-2026-4544

PATCH

title:httpsurl:https://github.com/Litengzheng/vul_db/blob/main/WL-WN578W2/vul_6/README.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013851

EXTERNAL IDS

db:NVDid:CVE-2026-4544

Trust: 2.6

db:VULDBid:352361

Trust: 1.0

db:JVNDBid:JVNDB-2026-013851

Trust: 0.8

sources: JVNDB: JVNDB-2026-013851 // NVD: CVE-2026-4544

REFERENCES

url:https://github.com/litengzheng/vul_db/blob/main/wl-wn578w2/vul_7/readme.md

Trust: 1.0

url:https://vuldb.com/?submit.774693

Trust: 1.0

url:https://vuldb.com/?submit.774692

Trust: 1.0

url:https://vuldb.com/?submit.774696

Trust: 1.0

url:https://vuldb.com/?id.352361

Trust: 1.0

url:https://github.com/litengzheng/vul_db/blob/main/wl-wn578w2/vul_6/readme.md

Trust: 1.0

url:https://vuldb.com/?ctiid.352361

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-4544

Trust: 0.8

sources: JVNDB: JVNDB-2026-013851 // NVD: CVE-2026-4544

SOURCES

db:JVNDBid:JVNDB-2026-013851
db:NVDid:CVE-2026-4544

LAST UPDATE DATE

2026-06-19T23:19:14.105000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013851date:2026-05-01T01:45:00
db:NVDid:CVE-2026-4544date:2026-04-30T16:33:35.583

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013851date:2026-05-01T00:00:00
db:NVDid:CVE-2026-4544date:2026-03-22T10:16:07.560