Wavlink WL-WN570HA1 Command Injection Vulnerability in ping_ddns Function

Vulnerability

A command injection vulnerability has been identified in the Wavlink WL-WN570HA1 router, specifically in firmware version R70HA1 V1410_221110. The issue arises in the ping_ddns function within the /cgi-bin/adm.cgi file, where improper handling of the DDNS argument allows for command injection. This vulnerability can be exploited remotely. Although the exploit is public, Wavlink has removed the affected firmware version from their website.

Impact

Exploitation of this vulnerability allows for command injection, where an attacker can execute arbitrary commands on the device.

Added: May 3, 2026, 11:19 AM

Updated: May 3, 2026, 11:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wavlink WL-WN570HA1 Command Injection Vulnerability in ping_ddns Function

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating