Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
Advantech WISE-6610: Remote Code Execution from Unauthenticated Access
CVE-2026-2670
Summary
An unknown function in the Background Management component of the Advantech WISE-6610 can be exploited by an attacker to execute unauthorized commands on the system. This can happen if an attacker sends a specially crafted request to the /cgi-bin/luci/admin/openvpn_apply file. Users should check with Advantech for a patch or update to fix this issue.
Original title
A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such mani...
Original description
A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
8.3
nvd CVSS3.1
7.2
nvd CVSS4.0
7.3
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026