CVE-2026-4163

EUVD-2026-12192
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
9.8 CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://dl.wavlink.com/firmware/RD/WINSTAR_WN579A3-A-2026-03-10-94f93d4-WO-mt7628-squashfs-sysupgrade.bin
https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_10/README.md
https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_9/README.md
https://vuldb.com/?ctiid.351070
https://vuldb.com/?id.351070
https://vuldb.com/?submit.765327
https://vuldb.com/?submit.765328