CVE-2026-7692: Command Injection in Wavlink WL-WN570HA1
CVE-2026-7692 is a command injection vulnerability in the Wavlink WL-WN570HA1 router firmware version R70HA1 V1410_221110. The flaw exists in the ping_ddns function within /cgi-bin/adm. cgi, allowing remote attackers to inject commands via manipulation of the DDNS argument. The vendor has removed the affected firmware version from their website and no longer supports this product. There is no official patch or remediation available. The vulnerability has a medium severity score of 5. 3 and a public exploit exists, but no known exploitation in the wild has been reported.
AI Analysis
Technical Summary
This vulnerability affects the Wavlink WL-WN570HA1 router running firmware R70HA1 V1410_221110. The issue is a command injection in the ping_ddns function of the /cgi-bin/adm.cgi file, triggered by manipulating the DDNS argument remotely. The vendor has discontinued support for this firmware version and removed it from their website, indicating no official fix is provided. The CVSS 4.0 score is 5.3 (medium severity), with network attack vector, low complexity, and no privileges or user interaction required. Exploit code is publicly available, but no confirmed active exploitation has been documented.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected device with the privileges of the vulnerable function, potentially compromising the device. Since the affected firmware is no longer supported and no patch is available, devices running this version remain vulnerable if still in use.
Mitigation Recommendations
The vendor has removed the vulnerable firmware version from their website and does not provide a patch or official fix. Users should discontinue use of the affected firmware version R70HA1 V1410_221110 and upgrade to a supported, patched firmware version if available. If upgrading is not possible, replacing the device is recommended to mitigate risk. Patch status is not yet confirmed due to lack of official remediation; check vendor advisories for updates.
CVE-2026-7692: Command Injection in Wavlink WL-WN570HA1
Description
CVE-2026-7692 is a command injection vulnerability in the Wavlink WL-WN570HA1 router firmware version R70HA1 V1410_221110. The flaw exists in the ping_ddns function within /cgi-bin/adm. cgi, allowing remote attackers to inject commands via manipulation of the DDNS argument. The vendor has removed the affected firmware version from their website and no longer supports this product. There is no official patch or remediation available. The vulnerability has a medium severity score of 5. 3 and a public exploit exists, but no known exploitation in the wild has been reported.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the Wavlink WL-WN570HA1 router running firmware R70HA1 V1410_221110. The issue is a command injection in the ping_ddns function of the /cgi-bin/adm.cgi file, triggered by manipulating the DDNS argument remotely. The vendor has discontinued support for this firmware version and removed it from their website, indicating no official fix is provided. The CVSS 4.0 score is 5.3 (medium severity), with network attack vector, low complexity, and no privileges or user interaction required. Exploit code is publicly available, but no confirmed active exploitation has been documented.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected device with the privileges of the vulnerable function, potentially compromising the device. Since the affected firmware is no longer supported and no patch is available, devices running this version remain vulnerable if still in use.
Mitigation Recommendations
The vendor has removed the vulnerable firmware version from their website and does not provide a patch or official fix. Users should discontinue use of the affected firmware version R70HA1 V1410_221110 and upgrade to a supported, patched firmware version if available. If upgrading is not possible, replacing the device is recommended to mitigate risk. Patch status is not yet confirmed due to lack of official remediation; check vendor advisories for updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-02T16:33:38.615Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f72fd4cbff5d8610f05c43
Added to database: 5/3/2026, 11:21:56 AM
Last enriched: 5/3/2026, 11:36:19 AM
Last updated: 5/3/2026, 12:42:33 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.