CVE-2026-2530

CVSS v2.0

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219

Description A flaw exists in Wavlink WL-WN579A3 that allows for remote command injection. The issue is located in the

AddMac

function within the

/cgi-bin/wireless.cgi

file. Manipulation of the

macAddr

argument can lead to command execution. The exploit code has been publicly released. The vendor was notified but did not respond.

Recommendations Versions up to 20210219 should be updated when a fix becomes available. As a temporary workaround, restrict access to the

/cgi-bin/wireless.cgi

file. Avoid using the

macAddr

parameter until the issue is resolved.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2026-2530

Wavlink Wl-Wn579A3