CVE-2026-4543 is a command injection vulnerability identified in the Wavlink WL-WN578W2 router firmware version 221110. The vulnerability resides in an unspecified function within the /cgi-bin/firewall.cgi component, specifically in the POST request handler that processes the dmz_flag and del_flag parameters. By manipulating these parameters, an attacker can inject arbitrary commands that the device executes, leading to remote code execution. The attack vector is network-based and requires no authentication or user interaction, making it remotely exploitable by any attacker with network access to the device. The vulnerability was responsibly disclosed to Wavlink, but the vendor did not respond or provide a patch. The CVSS 4.0 base score is 5.3, indicating medium severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is low to limited, but successful exploitation could allow attackers to execute arbitrary commands, potentially disrupting device operation or enabling further network compromise. No known exploits are currently active in the wild, but public disclosure of the exploit code increases the risk of future attacks. The vulnerability affects a widely used consumer and small business router model, which could be deployed in various global regions.

The primary impact of CVE-2026-4543 is unauthorized remote command execution on affected Wavlink WL-WN578W2 devices. This can lead to full compromise of the router, allowing attackers to alter configurations, disrupt network traffic, or pivot into internal networks. Confidentiality risks include interception or manipulation of network traffic passing through the device. Integrity can be compromised by unauthorized changes to firewall rules or device settings. Availability may be affected if attackers disrupt device functionality or cause denial of service. Organizations relying on these routers for perimeter security or network segmentation may face increased exposure to lateral movement and data exfiltration. The lack of vendor response and patch availability prolongs exposure, increasing the window for exploitation. While no active exploits are known, the public availability of exploit details raises the likelihood of opportunistic attacks, especially in environments with poor network segmentation or exposed management interfaces.

To mitigate CVE-2026-4543, organizations should first isolate affected Wavlink WL-WN578W2 devices from untrusted networks and restrict access to management interfaces via network segmentation and firewall rules. Disable remote management features if enabled. Monitor network traffic for unusual POST requests targeting /cgi-bin/firewall.cgi and anomalous command execution patterns. Employ network intrusion detection systems (NIDS) with signatures tuned to detect exploitation attempts of this vulnerability. Since no official patch is available, consider replacing affected devices with models from vendors that provide timely security updates. If replacement is not immediately feasible, implement strict access control lists (ACLs) to limit device management access to trusted IP addresses only. Regularly audit device configurations and logs for signs of compromise. Engage with Wavlink support channels to request patch status and updates. Maintain up-to-date network segmentation and endpoint security controls to limit attacker movement in case of compromise.