CVE-2026-2548
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary commands on WAYOS FBM-220G devices by manipulating specific parameters (upnp_waniface/upnp_ssdp_interval/upnp_max_age) in the rc file. The command injection flaw affects organizations using these devices, particularly those with internet-facing deployments. Attackers can exploit this without authentication to gain control of affected devices.
💻 Affected Systems
- WAYOS FBM-220G
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing persistent backdoor installation, network pivoting to internal systems, and data exfiltration.
Likely Case
Remote code execution leading to device takeover, network disruption, and potential credential harvesting.
If Mitigated
Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.
🎯 Exploit Status
Public GitHub repository contains vulnerability details. Remote exploitation without authentication makes weaponization likely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor did not respond to disclosure. Consider workarounds or device replacement.
🔧 Temporary Workarounds
Disable UPnP Service
allDisable Universal Plug and Play service if not required to remove attack vector
Check device web interface for UPnP settings and disable
Network Access Control
linuxRestrict network access to device management interfaces
iptables -A INPUT -p tcp --dport [device-port] -s [trusted-networks] -j ACCEPT
iptables -A INPUT -p tcp --dport [device-port] -j DROP
🧯 If You Can't Patch
- Isolate device on separate VLAN with strict firewall rules
- Implement network monitoring for suspicious traffic to/from device
🔍 How to Verify
Check if Vulnerable:
Check firmware version in device web interface or via SSH: cat /proc/version or similar vendor-specific commandCheck Version:
Check device web interface or use vendor-specific CLI commandsVerify Fix Applied:
No official fix available. Verify workarounds by testing UPnP functionality and network access controls.📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in system logs
- UPnP parameter manipulation attempts
- Suspicious process creation
Network Indicators:
- Unexpected outbound connections from device
- Traffic to suspicious IPs/ports
- UPnP protocol abuse patterns
SIEM Query:
source="device-logs" AND ("upnp_waniface" OR "upnp_ssdp_interval" OR "upnp_max_age") AND command_execution