CVE-2026-2528

CVSS v2.0

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219

Description A command injection issue exists in the function

Delete Mac list

of the file

/cgi-bin/wireless.cgi

. Manipulation of the

delete list

argument can lead to command injection. Remote exploitation is possible. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations Apply updates to versions after 20210219. As a temporary workaround, restrict access to the

/cgi-bin/wireless.cgi

file. Avoid using the

delete list

argument in the

/cgi-bin/wireless.cgi

endpoint until the issue is resolved.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-2528

Affected Products

Wavlink Wl-Wn579A3

CVE-2026-2528

Weakness Enumeration

Related Identifiers

Affected Products

References · 8