Vulnerability Description
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://dl.wavlink.com/firmware/RD/WINSTAR_WN578W2-A-2026-03-10-94f93d4-WO-mt762
- https://github.com/Litengzheng/vul_db/blob/main/WL-WN578W2/vul_1/README.md
- https://github.com/Litengzheng/vul_db/blob/main/WL-WN578W2/vul_2/README.md
- https://vuldb.com/?ctiid.351071
- https://vuldb.com/?id.351071
- https://vuldb.com/?submit.768292
- https://vuldb.com/?submit.768293
- https://vuldb.com/?submit.768294
FAQ
What is CVE-2026-4164?
CVE-2026-4164 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a mani...
How severe is CVE-2026-4164?
CVE-2026-4164 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-4164?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.