Skip to main content
CVE-2026-4163 HIGH POC PATCH This Week

Critical command injection vulnerability in Wavlink WL-WN579A3 wireless router firmware version 220323, allowing unauthenticated remote attackers to execute arbitrary commands via the SetName/GuestWifi functions in /cgi-bin/wireless.cgi. A public proof-of-concept exploit is available, and while a vendor patch exists, the vulnerability has not yet been added to CISA's KEV catalog despite its high severity (CVSS 9.8).

Command Injection Wl Wn579a3
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2025-54920 HIGH PATCH This Week

This issue affects Apache Spark: before 3.5.7 and 4.0.1.

Command Injection RCE Deserialization Apache Red Hat
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy