WAYOS FBM-220G rc sub_40F820 command injection_CVE-2026-2548

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-2548

Source VulDB

Published Feb 16, 2026 at 09:02

Affected Product

Vendor WAYOS

Product FBM-220G

Version 24.10.19

Affected Versions WAYOS FBM-220G 24.10.19

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-16T09:02:05.796Z",
    "modified": "2026-02-16T09:02:05.796Z",
    "type": "cve",
    "title": "WAYOS FBM-220G rc sub_40F820 command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346157\nhttps://vuldb.com/?ctiid.346157\nhttps://vuldb.com/?submit.749802\nhttps://github.com/glkfc/IoT-Vulnerability/blob/main/wayos/wayos.md",
    "id": "CVE-2026-2548",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "WAYOS FBM-220G 24.10.19",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FBM-220G",
    "version": "24.10.19",
    "vendor": "WAYOS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}