PT-2026-33617 · Wavlink · Wl-Wn579A3

Ltzhust2

Published

2026-04-18

Updated

2026-04-19

CVE-2026-6559

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 version 220323

Description A cross site scripting issue exists in the function sub 401F80() within the '/cgi-bin/login.cgi' file. This occurs due to the improper manipulation of the Hostname argument, allowing for remote exploitation.

Recommendations Upgrade the affected component to the fixed version released by the vendor.

Fix

XSS

Code Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94CWE-74

Related Identifiers

BDU:2026-05628

CVE-2026-6559

Affected Products

Wl-Wn579A3

PT-2026-33617 · Wavlink · Wl-Wn579A3

CVE-2026-6559

Weakness Enumeration

Related Identifiers

Affected Products

References · 12