Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Wavlink WL-WN579A3 wireless settings can be remotely controlled
CVE-2026-2529
Summary
A security issue in the Wavlink WL-WN579A3's wireless settings interface allows a hacker to execute unauthorized commands remotely. This can happen if you're using an outdated version of the device's software, which is no longer supported by the vendor. Update your software to the latest version to protect your network.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wavlink | wl-wn579a3_firmware | <= 2021-02-19 | – |
Original title
A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete...
Original description
A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
9.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-77
Command Injection
- https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/DeleteMac.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.346117 Permissions Required VDB Entry
- https://vuldb.com/?id.346117 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.748076 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026