CVE-2026-2530
Remote Command Injection in Wavlink WL-WN579A3 AddMac Function
Publication date: 2026-02-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wavlink | wl-wn579a3_firmware | to 2021-02-19 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2530 is a command injection vulnerability found in the Wavlink WL-WN579A3 wireless router, specifically in the AddMac function of the /cgi-bin/wireless.cgi script.
The vulnerability arises because the macAddr parameter is improperly handled, allowing an attacker to inject arbitrary commands into the system.
This flaw can be exploited remotely without authentication, meaning an attacker can execute commands on the device from a distance.
The vulnerability is classified under CWE-77, which involves using externally influenced input to construct system commands without proper neutralization, leading to command injection.
A proof-of-concept exploit is publicly available, making it easier for attackers to exploit this vulnerability.
The vendor was notified early but did not respond or provide any mitigation.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing remote attackers to execute arbitrary commands on your Wavlink WL-WN579A3 router without authentication.
Such command execution can compromise the confidentiality, integrity, and availability of the affected device.
An attacker could potentially take control of the device, disrupt its normal operation, or use it as a foothold to attack other devices on the network.
Because the exploit is publicly available, the risk of attack is increased.
No known countermeasures exist, so the recommended action is to replace the affected product.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Wavlink WL-WN579A3 router is running firmware up to version 20210219 and if the /cgi-bin/wireless.cgi endpoint is accessible.
Since the vulnerability involves command injection via the macAddr parameter in the AddMac function, one way to detect it is by attempting to send crafted HTTP requests to the /cgi-bin/wireless.cgi endpoint with manipulated macAddr values to see if arbitrary commands can be executed.
Specific commands or scripts to test this vulnerability are publicly available in the proof-of-concept exploit on GitHub, for example in the repository MRAdera/IoT-Vuls under wavlink/wn579a3/AddMac.md.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'There are no known countermeasures or patches provided by the vendor for this vulnerability, as the vendor did not respond to the disclosure.'}, {'type': 'paragraph', 'content': 'The recommended immediate mitigation is to replace the affected Wavlink WL-WN579A3 device with a secure alternative that is not vulnerable.'}, {'type': 'paragraph', 'content': "Additionally, restricting remote access to the device's management interface and monitoring network traffic for suspicious activity targeting the /cgi-bin/wireless.cgi endpoint may help reduce risk."}] [1]