| Titel | Wavlink WL-WN578W2 M78W2_V221110 Command Injection |
|---|
| Beschreibung | An unauthenticated command injection vulnerability exists in the AddMac action of /cgi-bin/wireless.cgi (WAVLINK WL-WN578W2, firmware M78W2_V221110). The macAddr parameter is unsanitized and directly concatenated into system commands. Attackers can send POST requests with page=AddMac and inject arbitrary commands via macAddr—no login required—to execute operations. |
|---|
| Quelle | ⚠️ https://github.com/ZZ2266/.github.io/blob/main/WAVLINK/WL-WN578W2/wireless.cgi/add_mac/ |
|---|
| Benutzer | n0ps1ed (UID 88889) |
|---|
| Einreichung | 28.08.2025 18:31 (vor 10 Monaten) |
|---|
| Moderieren | 12.09.2025 14:42 (15 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 323773 [Wavlink WL-WN578W2 221110 /cgi-bin/wireless.cgi sub_404DBC macAddr erweiterte Rechte] |
|---|
| Punkte | 19 |
|---|