Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Wavlink WL-WN579A3 Wi-Fi Router Allows Remote Code Execution
CVE-2026-2526
Summary
A security flaw in the Wavlink WL-WN579A3 Wi-Fi router could allow an attacker to remotely take control of the device. This can happen if an attacker sends a special request to the router, which can be done from anywhere on the internet. To protect your device, it's recommended to update to a fixed version of the software or contact the manufacturer for assistance.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wavlink | wl-wn579a3_firmware | <= 2021-02-19 | – |
Original title
A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in ...
Original description
A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-77
Command Injection
- https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/multi_ssid.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.346114 Permissions Required VDB Entry
- https://vuldb.com/?id.346114 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.748073 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026