dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing

Releases0

submit

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-8271 ↗	May 11, 2026Monday, 11 May 2026, 05:16	4.7 MEDIUM	5.8 MEDIUM
A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2026-8272 ↗	May 11, 2026Monday, 11 May 2026, 05:16	4.7 MEDIUM	5.8 MEDIUM
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVE-2026-8273 ↗	May 11, 2026Monday, 11 May 2026, 05:16	4.7 MEDIUM	5.8 MEDIUM
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely.
CVE-2026-8265 ↗	May 11, 2026Monday, 11 May 2026, 04:16	4.7 MEDIUM	5.8 MEDIUM
A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-8264 ↗	May 11, 2026Monday, 11 May 2026, 04:16	6.3 MEDIUM	6.5 MEDIUM
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-8259 ↗	May 11, 2026Monday, 11 May 2026, 02:16	4.7 MEDIUM	5.8 MEDIUM
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2026-6483 ↗	Apr 17, 2026Friday, 17 April 2026, 11:16	7.2 HIGH	8.3 HIGH
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.