| Title | Wavlink WL-WN578W2 M78W2_V221110 Command Injection |
|---|
| Description | An unauthenticated command injection vulnerability exists in the AddMac action of /cgi-bin/wireless.cgi (WAVLINK WL-WN578W2, firmware M78W2_V221110). The macAddr parameter is unsanitized and directly concatenated into system commands. Attackers can send POST requests with page=AddMac and inject arbitrary commands via macAddr—no login required—to execute operations. |
|---|
| Source | ⚠️ https://github.com/ZZ2266/.github.io/blob/main/WAVLINK/WL-WN578W2/wireless.cgi/add_mac/ |
|---|
| User | n0ps1ed (UID 88889) |
|---|
| Submission | 08/28/2025 18:31 (10 months ago) |
|---|
| Moderation | 09/12/2025 14:42 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 323773 [Wavlink WL-WN578W2 221110 /cgi-bin/wireless.cgi sub_404DBC macAddr os command injection] |
|---|
| Points | 19 |
|---|