إرسال #643437: Wavlink WL-WN578W2 M78W2_V221110 Command Injectionالمعلومات

عنوانWavlink WL-WN578W2 M78W2_V221110 Command Injection
الوصفA command injection vulnerability exists in the sys_login1 action of login.cgi (WAVLINK WL-WN578W2, firmware M78W2_V221110). The ipaddr parameter in sub_401BA4 function (login.c) lacks sanitization and is directly concatenated into system commands. With page=sys_login1 in POST requests to /cgi-bin/login.cgi, attackers with the password’s MD5 can inject arbitrary commands to control the device.
المصدر⚠️ https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/login.cgi/syslogin
المستخدم
 n0ps1ed (UID 88889)
ارسال28/08/2025 06:24 PM (8 أشهر منذ)
الاعتدال12/09/2025 02:38 PM (15 days later)
الحالةمكرر
إدخال VulDB323751 [Wavlink WL-WN578W2 221110 /cgi-bin/login.cgi sub_401340/sub_401BA4 ipaddr تجاوز الصلاحيات]
النقاط0

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!