PT-2026-8302 · Wavlink · Wavlink Wl-Wn579A3

Kdb3169

Publicado

2026-02-15

Atualizado

2026-02-18

CVE-2026-2528

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219

Description A command injection issue exists in the function Delete Mac list of the file /cgi-bin/wireless.cgi. Manipulation of the delete list argument can lead to command injection. Remote exploitation is possible. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations Apply updates to versions after 20210219. As a temporary workaround, restrict access to the /cgi-bin/wireless.cgi file. Avoid using the delete list argument in the /cgi-bin/wireless.cgi endpoint until the issue is resolved.

Exploit

Correção

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

BDU:2026-02019

CVE-2026-2528

Produtos afetados

Wavlink Wl-Wn579A3

PT-2026-8302 · Wavlink · Wavlink Wl-Wn579A3

CVE-2026-2528

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12