Is Command Injection affected by EUVD-2026-12192?

A critical remote command injection vulnerability affects Wavlink WL-WN579A3 wireless devices with a public exploit now available. Any organization using this device model faces immediate risk of unauthorized system access and network compromise.

EUVD-2026-12192

| CVE-2026-4163 CRITICAL

2026-03-14 VulDB

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

Analysis Generated

Mar 14, 2026 - 23:00 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 23:00 euvd

EUVD-2026-12192

Patch Released

Mar 14, 2026 - 23:00 nvd

Patch available

CVE Published

Mar 14, 2026 - 22:32 nvd

CRITICAL 9.8

Description

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.

Analysis

Critical command injection vulnerability in Wavlink WL-WN579A3 wireless router firmware version 220323, allowing unauthenticated remote attackers to execute arbitrary commands via the SetName/GuestWifi functions in /cgi-bin/wireless.cgi. A public proof-of-concept exploit is available, and while a vendor patch exists, the vulnerability has not yet been added to CISA's KEV catalog despite its high severity (CVSS 9.8).

Remediation

Within 24 hours: Identify and inventory all Wavlink WL-WN579A3 devices in your environment and isolate them from critical network segments if possible. Within 7 days: Apply the available vendor patch to all affected devices or replace them with supported alternatives. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +49

POC: +20

EUVD-2026-12192 vulnerability details – vuln.today

Back

EUVD-2026-12192

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12192

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code