CVE-2026-3715
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Analysis
Remote code execution in Wavlink WL-WN579X3-C firmware through stack-based buffer overflow in the firewall.cgi module allows unauthenticated attackers to achieve complete system compromise via manipulation of the del_flag parameter. Public exploit code exists for this vulnerability, and no patch is currently available despite vendor notification. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Wavlink WL-WN579X3-C devices in your environment and restrict network access to the /cgi-bin/firewall.cgi endpoint. Within 7 days: Implement network segmentation to isolate affected devices and monitor for exploitation attempts; contact Wavlink support for patch timeline and workarounds. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today