CVE-2026-4543 is a command injection vulnerability affecting the Wavlink WL-WN578W2 router, specifically firmware version 221110. The vulnerability resides in an unspecified function within the /cgi-bin/firewall.cgi component that handles POST requests. By manipulating the dmz_flag or del_flag parameters in the POST request, an attacker can inject arbitrary commands that the device executes. This flaw allows remote attackers to execute commands on the device without requiring authentication or user interaction, increasing the risk of exploitation. The vulnerability was responsibly disclosed to Wavlink, but the vendor has not issued any patches or advisories. Public exploit code has been released, increasing the likelihood of active exploitation. The CVSS v4.0 score of 5.3 reflects medium severity, considering the network attack vector, low attack complexity, no privileges or user interaction required, but limited impact on confidentiality, integrity, and availability. The lack of vendor response and public exploit availability make this a significant risk for affected users. The vulnerability could enable attackers to gain control over the router, modify firewall rules, intercept or redirect traffic, and potentially launch further attacks within the network.

The primary impact of CVE-2026-4543 is unauthorized remote command execution on affected Wavlink WL-WN578W2 devices. This can lead to full compromise of the router, allowing attackers to alter firewall configurations, intercept or manipulate network traffic, and establish persistent access. For organizations, this could result in data breaches, network downtime, and lateral movement into internal systems. Since the device is often deployed in small office or home office environments, compromised routers could serve as entry points for broader attacks or botnet recruitment. The absence of vendor patches and the availability of public exploits increase the risk of widespread exploitation. Organizations relying on this device for network perimeter security face elevated risks of confidentiality, integrity, and availability breaches. Additionally, attackers could use compromised routers to launch attacks against other networked assets, amplifying the threat.

Given the lack of vendor patches, organizations should immediately implement compensating controls. First, isolate affected Wavlink WL-WN578W2 devices from critical network segments and restrict management interface access to trusted IP addresses only. Disable remote management features if enabled. Monitor network traffic for unusual activity originating from these devices. Consider replacing the affected hardware with routers from vendors with active security support. If replacement is not immediately feasible, deploy network-level intrusion detection/prevention systems (IDS/IPS) to detect and block exploitation attempts targeting /cgi-bin/firewall.cgi endpoints. Regularly audit router configurations and firmware versions to ensure no unauthorized changes. Maintain strict network segmentation to limit potential lateral movement from compromised devices. Finally, maintain awareness of any future vendor advisories or third-party patches and apply them promptly.