CVE-2026-5004
Stack-Based Buffer Overflow in Wavlink UPNP Handler Allows Remote Attack

Publication date: 2026-03-28

Last updated on: 2026-04-03

Assigner: VulDB

Description
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-03-28
Last Modified: 2026-04-03
Generated: 2026-05-07
AI Q&A: 2026-03-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: wavlink
Product: wl-wn579x3-c_firmware
Version / Range: 231124
CWE IDs and descriptions
CWE-119: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
CWE-121: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-5004 is a stack-based buffer overflow vulnerability in the Wavlink WL-WN579X3-C router, specifically in the /cgi-bin/firewall.cgi component's UPNP Handler function sub_4019FC.

The vulnerability occurs because the function uses a fixed-size 8-byte stack buffer to handle the UpnpEnabled parameter, but unconditionally writes 40 bytes into it. This causes an overflow that overwrites adjacent stack data, including the function's return address.

An attacker can exploit this remotely by sending a specially crafted POST request with an excessively long UpnpEnabled value, which can cause the router to crash (denial of service) or, if precisely crafted, allow arbitrary code execution leading to full system compromise.


How can this vulnerability impact me?

This vulnerability can impact you by allowing a remote attacker to cause a denial of service on your Wavlink WL-WN579X3-C router, making it unavailable.

More severely, an attacker can exploit the buffer overflow to execute arbitrary code on the device, potentially gaining full control over the router.

Such control could allow the attacker to intercept, modify, or redirect network traffic, compromise network security, or use the device as a foothold for further attacks within your network.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending a specially crafted POST request to the router's /cgi-bin/firewall.cgi endpoint with an excessively long UpnpEnabled parameter value. This triggers the stack-based buffer overflow in the UPNP Handler.

A detection method involves monitoring for crashes or denial of service events on the device after such requests, or actively testing by sending a POST request with a long UpnpEnabled parameter to see if the device crashes or behaves abnormally.

An example command using curl to test for the vulnerability could be:

  • curl -X POST http://[router_ip]/cgi-bin/firewall.cgi -d "firewall=UPNP&UpnpEnabled=$(python3 -c 'print("A"*40)')"

If the device crashes or becomes unresponsive after this request, it indicates the presence of the vulnerability.
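
A passive alternative to the active test above, added here as an example and not part of the original page: it flags POSTs to /cgi-bin/firewall.cgi whose UpnpEnabled value cannot fit the 8-byte buffer. It assumes a proxy or sensor that sees plaintext HTTP bodies; the record layout, function names, sample records and the 7-byte limit (8 bytes minus a terminator) are assumptions.

```python
from urllib.parse import parse_qs

TARGET_PATH = "/cgi-bin/firewall.cgi"  # endpoint named on this page
BUF_SIZE = 8                           # stack buffer size stated on this page
MAX_VALUE_LEN = BUF_SIZE - 1           # assumption: value stored NUL-terminated


def check_request(method, path, body):
    """Return findings for one HTTP request; an empty list means clean."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so %41%41... is measured after decoding;
    # latin-1 maps each decoded byte to exactly one character.
    params = parse_qs(body, keep_blank_values=True, encoding="latin-1")
    findings = []
    for value in params.get("UpnpEnabled", []):  # every repeat is checked
        size = len(value.encode("latin-1", "replace"))
        if size > MAX_VALUE_LEN:
            findings.append(f"UpnpEnabled is {size} bytes, limit {MAX_VALUE_LEN}")
    return findings


def scan(records):
    """Check (method, path, body, source) records; return (source, finding) pairs."""
    alerts = []
    for method, path, body, source in records:
        alerts.extend((source, f) for f in check_request(method, path, body))
    return alerts


# Constructed sample records, not captured traffic; addresses are documentation ranges.
SAMPLE = [
    ("POST", "/cgi-bin/firewall.cgi", "firewall=UPNP&UpnpEnabled=1", "192.0.2.10"),
    ("POST", "/cgi-bin/firewall.cgi", "firewall=UPNP&UpnpEnabled=" + "A" * 40, "198.51.100.7"),
    ("POST", "/cgi-bin/firewall.cgi", "firewall=UPNP&UpnpEnabled=" + "%41" * 12, "198.51.100.7"),
    ("POST", "/cgi-bin/firewall.cgi", "UpnpEnabled=0&UpnpEnabled=" + "B" * 9, "203.0.113.5"),
    ("GET", "/cgi-bin/firewall.cgi", "", "192.0.2.10"),
    ("POST", "/cgi-bin/other.cgi", "UpnpEnabled=" + "A" * 40, "192.0.2.10"),  # hypothetical path
]

if __name__ == "__main__":
    for source, finding in scan(SAMPLE):
        print(source, finding)
```

The check measures the value after percent-decoding and inspects every repeated UpnpEnabled parameter, so an encoded or duplicated oversized value is still flagged.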


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the /cgi-bin/firewall.cgi endpoint to trusted networks or IP addresses to prevent remote exploitation.

Disabling UPnP functionality on the device, if possible, can reduce the attack surface since the vulnerability is triggered via the UpnpEnabled parameter.

Monitoring the device for unusual crashes or reboots can help detect exploitation attempts.

Since the vendor has not responded with a patch, consider isolating the vulnerable device from untrusted networks until a fix is available.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of the CVE-2026-5004 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

