Wl Wn579a3 Firmware
Monthly
The WL-WN579A3 wireless router firmware contains a command injection vulnerability in the AddMac function of /cgi-bin/wireless.cgi that allows authenticated remote attackers to execute arbitrary commands with medium impact on confidentiality, integrity, and availability. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. Affected systems running firmware versions up to 20210219 require immediate mitigation through network segmentation or device replacement.
Unauthenticated command injection in the wireless configuration interface of Wavlink WL-WN579A3 firmware allows remote attackers to execute arbitrary commands through the delete_list parameter. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early notification. Affected devices can be compromised remotely to gain full system access with minimal authentication requirements.
Command injection in the Wavlink WL-WN579A3 wireless router firmware allows authenticated remote attackers to execute arbitrary commands through the delete_list parameter in the /cgi-bin/wireless.cgi endpoint. Public exploit code exists for this vulnerability, and no vendor patch is currently available. Affected devices running firmware versions up to 20210219 face risk of complete system compromise from authenticated network access.
Wl-Wn579A3 Firmware versions up to 20210219. contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Command injection in Wavlink WL-WN579A3 firmware through the SSID2G2 parameter of /cgi-bin/wireless.cgi allows authenticated remote attackers to execute arbitrary commands with limited privileges. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The flaw affects confidentiality, integrity, and availability of affected devices.
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.
The WL-WN579A3 wireless router firmware contains a command injection vulnerability in the AddMac function of /cgi-bin/wireless.cgi that allows authenticated remote attackers to execute arbitrary commands with medium impact on confidentiality, integrity, and availability. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. Affected systems running firmware versions up to 20210219 require immediate mitigation through network segmentation or device replacement.
Unauthenticated command injection in the wireless configuration interface of Wavlink WL-WN579A3 firmware allows remote attackers to execute arbitrary commands through the delete_list parameter. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early notification. Affected devices can be compromised remotely to gain full system access with minimal authentication requirements.
Command injection in the Wavlink WL-WN579A3 wireless router firmware allows authenticated remote attackers to execute arbitrary commands through the delete_list parameter in the /cgi-bin/wireless.cgi endpoint. Public exploit code exists for this vulnerability, and no vendor patch is currently available. Affected devices running firmware versions up to 20210219 face risk of complete system compromise from authenticated network access.
Wl-Wn579A3 Firmware versions up to 20210219. contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Command injection in Wavlink WL-WN579A3 firmware through the SSID2G2 parameter of /cgi-bin/wireless.cgi allows authenticated remote attackers to execute arbitrary commands with limited privileges. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The flaw affects confidentiality, integrity, and availability of affected devices.
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.