Skip to main content

Wl Wn579a3

2 CVEs product

Monthly

CVE-2026-6559 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Wavlink WL-WN579A3 wireless router allows remote unauthenticated attackers to inject malicious scripts via the Hostname parameter in /cgi-bin/login.cgi, affecting all firmware versions prior to 2026-03-10. The vulnerability requires user interaction (UI:R) to trigger payload execution in a victim's browser, limiting direct remote code execution but enabling credential theft, session hijacking, or malware distribution. A vendor patch was released promptly after responsible disclosure.

XSS Wl Wn579a3
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-4163 HIGH POC PATCH This Week

Critical command injection vulnerability in Wavlink WL-WN579A3 wireless router firmware version 220323, allowing unauthenticated remote attackers to execute arbitrary commands via the SetName/GuestWifi functions in /cgi-bin/wireless.cgi. A public proof-of-concept exploit is available, and while a vendor patch exists, the vulnerability has not yet been added to CISA's KEV catalog despite its high severity (CVSS 9.8).

Command Injection Wl Wn579a3
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Wavlink WL-WN579A3 wireless router allows remote unauthenticated attackers to inject malicious scripts via the Hostname parameter in /cgi-bin/login.cgi, affecting all firmware versions prior to 2026-03-10. The vulnerability requires user interaction (UI:R) to trigger payload execution in a victim's browser, limiting direct remote code execution but enabling credential theft, session hijacking, or malware distribution. A vendor patch was released promptly after responsible disclosure.

XSS Wl Wn579a3
NVD VulDB GitHub
EPSS 0% CVSS 8.9
HIGH POC PATCH This Week

Critical command injection vulnerability in Wavlink WL-WN579A3 wireless router firmware version 220323, allowing unauthenticated remote attackers to execute arbitrary commands via the SetName/GuestWifi functions in /cgi-bin/wireless.cgi. A public proof-of-concept exploit is available, and while a vendor patch exists, the vulnerability has not yet been added to CISA's KEV catalog despite its high severity (CVSS 9.8).

Command Injection Wl Wn579a3
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy