CVE-2026-2670
Received Received - Intake
OS Command Injection in Advantech WISE-6610 Background Management

Publication date: 2026-02-18

Last updated on: 2026-02-18

Assigner: VulDB

Description
A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2670
EUVD
EUVD-2026-7633
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
advantech wise-6610 1.2.1_20251110
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Advantech WISE-6610 version 1.2.1_20251110, specifically in an unknown function within the file /cgi-bin/luci/admin/openvpn_apply of the Background Management component.

The issue arises from improper handling of the argument delete_file, which allows an attacker to perform OS command injection.

This means that an attacker can remotely execute arbitrary operating system commands on the affected device by manipulating this argument.

The exploit for this vulnerability is publicly available, increasing the risk of exploitation.

Impact Analysis

This vulnerability can have severe impacts because it allows remote attackers to execute arbitrary OS commands on the affected device.

Successful exploitation can lead to full compromise of the device, including unauthorized access, data manipulation, or disruption of services.

Given the high CVSS scores (7.2 to 8.3), the impact includes high confidentiality, integrity, and availability damage.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2670. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart