PT-2026-8298 · Wavlink · Wavlink Wl-Wn579A3

Kdb3169

Publicado

2026-02-15

Atualizado

2026-02-18

CVE-2026-2526

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219

Description A command injection issue exists in Wavlink WL-WN579A3. The issue is located in the multi ssid function within the /cgi-bin/wireless.cgi file. Manipulating the SSID2G2 argument can lead to command injection. This attack can be initiated remotely. The exploit has been publicly released. The vendor was notified but did not respond.

Recommendations Versions up to 20210219 should be updated when a fix becomes available. As a temporary workaround, restrict access to the /cgi-bin/wireless.cgi file. Avoid manipulating the SSID2G2 argument.

Exploit

Correção

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

BDU:2026-02017

CVE-2026-2526

Produtos afetados

Wavlink Wl-Wn579A3

PT-2026-8298 · Wavlink · Wavlink Wl-Wn579A3

CVE-2026-2526

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12