Primary

Context

Wavlink WL-WN579A3 Command Injection Vulnerability in Wireless.cgi

Vulnerability

A command injection vulnerability has been identified in the Wavlink WL-WN579A3 router, specifically in versions through 20210219. The issue arises in the Delete_Mac_list function within the /cgi-bin/wireless.cgi file. The vulnerability can be exploited remotely by manipulating the delete_list parameter, allowing for unauthorized command execution on the device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to the /cgi-bin/wireless.cgi endpoint with the page parameter set to Delete_Mac_list and the delete_list parameter containing the payload for command execution. The device will execute the injected command with system privileges.

Added: Feb 16, 2026, 2:32 AM

Updated: Feb 16, 2026, 2:32 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

3.1

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

3.1

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wavlink WL-WN579A3 Command Injection Vulnerability in Wireless.cgi

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating