← back
CVE-2025-44868

CVE-2025-44868

CVSS 9.8 CRITICALEPSS 2.6%CWE-77
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
cve_referencegithub.com/Summermu/VulnForIoT/blob/main/Wavlink_WL-WN530H4/ping_test/readme.mdunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Summermu/VulnForIoT/blob/main/Wavlink_WL-WN530H4/ping_test/readme.mdhttps://github.com/Summermu/VulnForIoT/tree/main/Wavlink_WL-WN530H4/ping_test/readme.md