CVE-2026-2527

LOW EPSS 92.4%

Published Feb 16, 20264mo ago · Modified Apr 29, 20262mo ago

2.1 CVSS 4.0

Low

Published Feb 16, 2026 4mo ago

Last Modified Apr 29, 2026 2mo ago

Description

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

2.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

92.4% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-74

CWE-77 Command Injection Injection

Affected Products 2

Vendor	Product	Version	Range
wavlink	wl-wn579a3_firmware	*	≤2021-02-19
wavlink	wl-wn579a3	*	any

References 4

github.com https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/login.md

ExploitThird Party Advisory
vuldb.com https://vuldb.com/?ctiid.346115

Permissions RequiredVDB Entry
vuldb.com https://vuldb.com/?id.346115

Third Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.748074

Third Party AdvisoryVDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.