Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.1
CVE-2026-7690: Wavlink Router Firmware: Unauthorized Access via Username Manipulation
CVE-2026-7690
Summary
Some older Wavlink routers with specific firmware are at risk of being taken over by hackers. This is because the router's administrative interface has a weakness that allows attackers to execute unauthorized commands. If you have this outdated firmware, update your router to a newer version to prevent potential security breaches.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| wavlink | wl-wn570ha1_firmware |
r70ha1_v1410_221110 cpe:2.3:o:wavlink:wl-wn570ha1_firmware:r70ha1_v1410_221110:*:*:*:*:*:*:* |
Original title
A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username cause...
Original description
A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware version R70HA1 V1410_221110 has been removed from our website." This vulnerability only affects products that are no longer supported by the maintainer.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
2.1
Vulnerability type
CWE-74
Injection
CWE-77
Command Injection
Published: 3 May 2026 · Updated: 28 May 2026 · First seen: 3 May 2026