CVE 8.6 HIGH

Advantech WISE-6610 Background Management openvpn_apply os command injection_CVE-2026-2670

February 18, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

OS command injection vulnerability in Advantech WISE-6610 Background Management

Basic Information

ID CVE-2026-2670

Source VulDB

Published Feb 18, 2026 at 21:02

Affected Product

Vendor Advantech

Product WISE-6610

Version 1.2.1_20251110

Affected Versions Advantech WISE-6610 1.2.1_20251110

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Advantech

Product WISE-6610

Version 1.2.1_20251110

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-18T21:02:08.426Z",
    "modified": "2026-02-18T21:02:08.426Z",
    "type": "cve",
    "title": "Advantech WISE-6610 Background Management openvpn_apply os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346467\nhttps://vuldb.com/?ctiid.346467\nhttps://vuldb.com/?submit.753293\nhttps://github.com/master-abc/cve/issues/37\nhttps://www.advantech.com/",
    "id": "CVE-2026-2670",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Advantech WISE-6610 1.2.1_20251110",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WISE-6610",
    "version": "1.2.1_20251110",
    "vendor": "Advantech",
    "ai_description": "OS command injection vulnerability in Advantech WISE-6610 Background Management",
    "ai_severity": "High",
    "ai_vendor": "Advantech",
    "ai_product": "WISE-6610",
    "ai_version": "1.2.1_20251110",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply