Which versions of Wavlink WL-WN579A3 are affected by CVE-2026-4163?

A critical remote command injection vulnerability affects Wavlink WL-WN579A3 wireless devices with a public exploit now available.. A patch is available.

Is there a public PoC exploit available for CVE-2026-4163?

Yes, a public proof-of-concept exploit is available for CVE-2026-4163. Prioritise patching immediately. EPSS: 0.2%.

Wavlink WL-WN579A3 CVE-2026-4163

Q: What is the CVSS score of CVE-2026-4163?

CVE-2026-4163 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2026-12192 HIGH

Command Injection (CWE-77)

2026-03-14 VulDB

Command Injection

8.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 21:37 vuln.today

cvss_changed

Severity Changed

Apr 22, 2026 - 21:37 NVD

CRITICAL HIGH

CVSS changed

Apr 22, 2026 - 21:37 NVD

9.8 (CRITICAL) 8.9 (HIGH)

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

EUVD ID Assigned

Mar 14, 2026 - 23:00 euvd

EUVD-2026-12192

Analysis Generated

Mar 14, 2026 - 23:00 vuln.today

Patch released

Mar 14, 2026 - 23:00 nvd

Patch available

CVE Published

Mar 14, 2026 - 22:32 nvd

CRITICAL 9.8

DescriptionNVD

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.

AnalysisAI

Critical command injection vulnerability in Wavlink WL-WN579A3 wireless router firmware version 220323, allowing unauthenticated remote attackers to execute arbitrary commands via the SetName/GuestWifi functions in /cgi-bin/wireless.cgi. A public proof-of-concept exploit is available, and while a vendor patch exists, the vulnerability has not yet been added to CISA's KEV catalog despite its high severity (CVSS 9.8).

RemediationAI

Within 24 hours: Identify and inventory all Wavlink WL-WN579A3 devices in your environment and isolate them from critical network segments if possible. Within 7 days: Apply the available vendor patch to all affected devices or replace them with supported alternatives. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4163 vulnerability details – vuln.today

Back

Wavlink WL-WN579A3 CVE-2026-4163

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Wavlink WL-WN579A3 CVE-2026-4163

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code