CVE-2026-4163

High CVSS: 8.9

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.

Vendor

Product

CWE

CWE-74

Yayın Tarihi

2026-03-16 14:19:55

Güncelleme

2026-03-16 14:53:07

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 HIGH 2026

Referanslar

https://dl.wavlink.com/firmware/RD/WINSTAR_WN579A3-A-2026-03-10-94f93d4-WO-mt7628-squashfs-sysupgrade.bin https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_10/README.md https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_9/README.md https://vuldb.com/?ctiid.351070 https://vuldb.com/?id.351070 https://vuldb.com/?submit.765327 https://vuldb.com/?submit.765328