PT-2026-25511 · Wavlink · Wl-Wn579A3
Ltzhuster
·
Published
2026-03-14
·
Updated
2026-03-16
·
CVE-2026-4163
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Wavlink WL-WN579A3 version 220323
Description
A vulnerability exists in Wavlink WL-WN579A3 version 220323 that allows for remote command injection. The issue affects the
SetName/GuestWifi function within the /cgi-bin/wireless.cgi file of the POST Request Handler component. A manipulation of this component can lead to command injection, and the exploit is publicly available.API Endpoints
/cgi-bin/wireless.cgiVulnerable Parameters or Variables
None explicitly mentioned.
Recommendations
Upgrade the affected component to address this vulnerability.
Exploit
Fix
Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wl-Wn579A3