CVE-2026-7690
Published: 03 May 2026
Summary
CVE-2026-7690 is a low-severity Injection (CWE-74) vulnerability in Wavlink Wl-Wn570Ha1 Firmware. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A weakness has been identified in the Wavlink WL-WN570HA1 router running firmware R70HA1 V1410_221110. The issue resides in the set_sys_adm function of /cgi-bin/adm.cgi, where improper handling of the Username argument permits command injection. The flaw is remotely reachable and has been assigned CWE-74 and CWE-77.
An authenticated attacker with low privileges can supply crafted input to the Username parameter and execute arbitrary commands on the device. Public exploit code is available, enabling remote command injection that yields limited effects on confidentiality, integrity, and availability according to the CVSS 4.0 vector.
The vendor has stated that firmware version R70HA1 V1410_221110 has been removed from its website and confirmed the product is no longer supported, indicating no official patches will be issued.
EPSS scores rose from a baseline of 0.0041 to a peak of 0.0106 after disclosure, signaling increased exploitation interest in the unsupported device.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26829
Vulnerability details
A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has…
more
been made available to the public and could be used for attacks. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote command injection in public-facing CGI endpoint directly enables exploitation of public-facing apps and Unix shell command execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.