CVE-2026-2548
Remote Command Injection in WAYOS FBM-220G via UPnP Parameters

Publication date: 2026-02-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Meta Information
Published: 2026-02-16
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-02-16
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Vendor | Product | Version / Range
wayos | fbm-220g | 24.10.19

CWE ID | Description
CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-2548 is a command injection vulnerability found in WAYOS FBM-220G version 24.10.19. It affects the function sub_40F820 within the file rc. The flaw arises because certain configuration parameters (upnp_waniface, upnp_ssdp_interval, and upnp_max_age) are retrieved without proper input sanitization and then used to construct system commands. This allows an attacker who can manipulate these parameters to inject arbitrary commands that the system will execute.

The attack can be executed remotely, meaning no physical access to the device is required. The vulnerability is due to improper handling of external inputs leading to command injection (CWE-77).


How can this vulnerability impact me?

This vulnerability can lead to remote code execution on the affected device, allowing an attacker to run arbitrary commands with the privileges of the vulnerable process. This can result in full compromise of the device.

  • Loss of confidentiality, as attackers may access sensitive information.
  • Loss of integrity, since attackers can alter system configurations or data.
  • Loss of availability, potentially causing denial of service or device malfunction.

Because the attack can be performed remotely without user interaction, it poses a significant security risk.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves command injection through manipulation of the configuration parameters upnp_waniface, upnp_ssdp_interval, and upnp_max_age on WAYOS FBM-220G devices running firmware version 24.10.19.

Detection would involve checking the current values of these parameters for suspicious or unexpected content that could indicate exploitation attempts.

Since the vulnerability is in the rc binary's sub_40F820 function and involves nvram_get parameters, you can attempt to inspect these parameters on the device if you have access.

  • Check the values of upnp_waniface, upnp_ssdp_interval, and upnp_max_age using device-specific commands or configuration interfaces.
  • Look for unusual or shell command characters in these parameters that could indicate command injection payloads.

No specific detection commands or tools are provided in the available resources. [2, 3]
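
One way to carry out the parameter check described in this answer, as an added example that is not from the advisory, the vendor, or the cited resources. It assumes the device configuration has been exported as key=value lines; the export format, the expected value formats, and the sample dump are all assumptions made for illustration.

```python
import re

# The three parameters named in the advisory. The expected formats are
# assumptions for this example, not vendor specifications.
EXPECTED = {
    "upnp_waniface": re.compile(r"[A-Za-z0-9_.:-]{1,15}"),  # Linux interface names: max 15 chars
    "upnp_ssdp_interval": re.compile(r"[0-9]{1,6}"),
    "upnp_max_age": re.compile(r"[0-9]{1,6}"),
}

# Characters a shell would interpret if the value reached a command line unquoted.
SHELL_META = set(";|&$`<>(){}\\\"'\n\r\t *?!#~")


def parse_dump(text):
    """Parse key=value lines; only the first '=' separates key from value."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value
    return settings


def audit(settings):
    """Return (key, value, metacharacters) for each watched value that fails its format."""
    findings = []
    for key, pattern in EXPECTED.items():
        value = settings.get(key, "")
        # Unset or empty values are not flagged; fullmatch avoids partial-match bypasses.
        if value == "" or pattern.fullmatch(value):
            continue
        meta = sorted(c for c in set(value) if c in SHELL_META)
        findings.append((key, value, meta))
    return findings


# Constructed sample export, not taken from a real device.
SAMPLE_DUMP = """\
lan_ipaddr=192.168.1.1
upnp_waniface=eth1
upnp_ssdp_interval=60; echo marker
upnp_max_age=180
"""

if __name__ == "__main__":
    for key, value, meta in audit(parse_dump(SAMPLE_DUMP)):
        print(f"SUSPICIOUS {key}={value!r} metacharacters={meta}")
```

A value that fails its format without containing any listed metacharacter is still reported, with an empty metacharacter list, so unexpected content of any kind is surfaced for review.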


What immediate steps should I take to mitigate this vulnerability?

There are no known official mitigations or countermeasures published by the vendor, as the vendor did not respond to the disclosure.

Due to the severity and ease of exploitation, the suggested immediate mitigation is to replace the affected product or firmware version.

Additionally, restricting remote access to the device and monitoring for suspicious activity related to the vulnerable parameters may help reduce risk.

Applying network-level protections such as firewall rules to limit access to the device's management interfaces can also help mitigate exploitation. [3]

