CVE-2026-4164 - Wavlink WL-WN578W2 - Command Injection

Overview

Wavlink WL-WN578W2 221110 contains a command injection caused by manipulation in Delete_Mac_list/SetName/GuestWifi functions in /cgi-bin/wireless.cgi POST Request Handler, letting remote attackers execute arbitrary commands, exploit requires crafted POST request.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 16.7%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary commands, potentially taking full control of the device.

Mitigation

Upgrade to the latest version of the affected component.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 16, 2026

🔴 CVE-2026-4164 - Critical (9.8) A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4164/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 16, 2026

🔴 CVE-2026-4164 - Critical (9.8) A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4164/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-4164 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score