CVE-2026-2529

CVSS v2.0

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219

Description A security flaw exists in Wavlink WL-WN579A3. The issue is due to command injection within the

DeleteMac

function located in the

/cgi-bin/wireless.cgi

file. Manipulation of the

delete list

argument can lead to remote code execution. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions up to 20210219 should be updated when a fix becomes available. As a temporary workaround, restrict access to the

/cgi-bin/wireless.cgi

file. Avoid manipulating the

delete list

argument.

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2026-2529

Wavlink Wl-Wn579A3