CVE-2026-2528
Command Injection in Wavlink WL-WN579A3 Wireless CGI Endpoint
Publication date: 2026-02-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wavlink | wl-wn579a3_firmware | to 2021-02-19 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Wavlink WL-WN579A3 router is running firmware up to version 20210219 and if the /cgi-bin/wireless.cgi endpoint is accessible.
Since the vulnerability involves command injection via the delete_list argument in the Delete_Mac_list function, detection can involve sending crafted HTTP requests to this endpoint to test for command injection behavior.
No specific detection commands are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
There are no known mitigations or vendor patches available for this vulnerability as the vendor did not respond to the disclosure.
The recommended immediate step is to replace the affected Wavlink WL-WN579A3 device with an alternative product that is not vulnerable.
Can you explain this vulnerability to me?
CVE-2026-2528 is a command injection vulnerability found in the Wavlink WL-WN579A3 wireless router, specifically in the Delete_Mac_list function of the /cgi-bin/wireless.cgi file.
The vulnerability occurs because the delete_list argument is improperly handled, allowing an attacker to inject arbitrary commands remotely without authentication.
This flaw is classified under CWE-77, meaning the product constructs commands using externally influenced input without properly neutralizing special characters, leading to unauthorized command execution.
A proof-of-concept exploit is publicly available, and the vendor did not respond to early notifications about this issue.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to remotely execute arbitrary commands on your Wavlink WL-WN579A3 router without authentication.
Such unauthorized command execution can compromise the confidentiality, integrity, and availability of your device.
An attacker could potentially take control of the device, disrupt its normal operation, or use it as a foothold for further attacks within your network.