CVE-2026-2670
Received Received - Intake
OS Command Injection in Advantech WISE-6610 Background Management

Publication date: 2026-02-18

Last updated on: 2026-02-18

Assigner: VulDB

Description
A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-02-18
Generated
2026-05-07
AI Q&A
2026-02-19
EPSS Evaluated
2026-05-05
NVD
CVE-2026-2670
EUVD
EUVD-2026-7633
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
advantech wise-6610 1.2.1_20251110
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Advantech WISE-6610 version 1.2.1_20251110, specifically in an unknown function within the file /cgi-bin/luci/admin/openvpn_apply of the Background Management component.

The issue arises from improper handling of the argument delete_file, which allows an attacker to perform OS command injection.

This means that an attacker can remotely execute arbitrary operating system commands on the affected device by manipulating this argument.

The exploit for this vulnerability is publicly available, increasing the risk of exploitation.


How can this vulnerability impact me? :

This vulnerability can have severe impacts because it allows remote attackers to execute arbitrary OS commands on the affected device.

Successful exploitation can lead to full compromise of the device, including unauthorized access, data manipulation, or disruption of services.

Given the high CVSS scores (7.2 to 8.3), the impact includes high confidentiality, integrity, and availability damage.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart