Critical command injection vulnerability in Wavlink WL-WN579A3 wireless router firmware version 220323, allowing unauthenticated remote attackers to execute arbitrary commands via the SetName/GuestWifi functions in /cgi-bin/wireless.cgi. A public proof-of-concept exploit is available, and while a vendor patch exists, the vulnerability has not yet been added to CISA's KEV catalog despite its high severity (CVSS 9.8).
Command Injection
Wl Wn579a3
NVD
VulDB
GitHub
CVSS 4.0
8.9
EPSS
0.2%
This issue affects Apache Spark: before 3.5.7 and 4.0.1.
Command Injection
RCE
Deserialization
Apache
Red Hat
NVD
GitHub
VulDB
CVSS 3.1
8.8
EPSS
0.2%