CVE-2026-2670: Advantech WISE-6610 Background Management openvpn_apply OS command injection
A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. It affects an unknown function of the file /cgi-bin/luci/admin/openvpn_apply in the Background Management component. Manipulating the delete_file argument leads to OS command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Frequently Asked Questions
What is the severity of CVE-2026-2670?
CVE-2026-2670 is classified as a high-severity vulnerability due to the potential for remote code execution.
How does CVE-2026-2670 affect Advantech WISE-6610?
CVE-2026-2670 allows for OS command injection through the manipulation of the 'delete_file' argument in the file /cgi-bin/luci/admin/openvpn_apply.
Who is affected by CVE-2026-2670?
CVE-2026-2670 affects users of Advantech WISE-6610 software version 1.2.1_20251110.
How can I mitigate the risk of CVE-2026-2670?
To mitigate CVE-2026-2670, users should apply any security patches provided by Advantech and restrict access to the affected component.
Is CVE-2026-2670 exploitable remotely?
Yes, CVE-2026-2670 can be exploited remotely, allowing attackers to execute OS commands on vulnerable systems.
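One way to watch the affected endpoint while access to it is being restricted, as an added example that is not part of the original advisory or of Advantech's code: a log check that reports requests to openvpn_apply whose delete_file value is not a plain file name. It assumes the parameter appears in the query string of a combined-format access log (for instance from a reverse proxy in front of the device) and that legitimate values are plain file names; the function name, pattern and sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
ENDPOINT = "/cgi-bin/luci/admin/openvpn_apply"
PARAM = "delete_file"

# Assumption: a legitimate value is a plain file name. Anything else is reported.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,128}")

# Client address and request target of a combined-format access log entry.
REQUEST = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+"')


def suspicious_requests(lines):
    """Return (client, decoded_value) for each delete_file that is not a plain file name."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, _method, target = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps empty ones visible.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value) or ".." in value:
                hits.append((client, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /cgi-bin/luci/admin/openvpn_apply?delete_file=client1.ovpn HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /cgi-bin/luci/admin/openvpn_apply?delete_file=client1.ovpn%3Bx HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "GET /cgi-bin/luci/admin/openvpn_apply?delete_file=..%2Fconf HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2026:10:00:12 +0000] "GET /cgi-bin/luci/admin/status?delete_file=x%3By HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"review: {client} sent delete_file={value!r}")
```

Requests that carry the parameter in a POST body do not show up in an access log; covering those needs a proxy or WAF that records request bodies.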