Wl Wn579a3 Firmware
CVE-2026-2529
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Unauthenticated command injection in the wireless configuration interface of Wavlink WL-WN579A3 firmware allows remote attackers to execute arbitrary commands through the delete_list parameter. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early notification. Affected devices can be compromised remotely to gain full system access with minimal authentication requirements.
Technical ContextAI
Affects Wl-Wn579A3 Firmware. A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Wl Wn579a3 Firmware
View allCommand injection in the Wavlink WL-WN579A3 wireless router firmware allows authenticated remote attackers to execute ar
Wl-Wn579A3 Firmware versions up to 20210219. contains a vulnerability that allows attackers to command injection (CVSS 6
The WL-WN579A3 wireless router firmware contains a command injection vulnerability in the AddMac function of /cgi-bin/wi
Command injection in Wavlink WL-WN579A3 firmware through the SSID2G2 parameter of /cgi-bin/wireless.cgi allows authentic
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execu
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execu
Same technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today