CVE-2025-44882

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 version 1.0

Description A command injection vulnerability in the component /cgi-bin/firewall.cgi allows attackers to execute arbitrary commands via a crafted input. This issue affects the /cgi-bin/firewall.cgi endpoint, where attackers can exploit the vulnerability by manipulating the input.

Recommendations For Wavlink WL-WN579A3 version 1.0, as a temporary workaround, consider disabling access to the /cgi-bin/firewall.cgi endpoint until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using crafted inputs in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.