CVE-2026-3715

HIGH EPSS 46.7%

Published Mar 8, 20263mo ago · Modified Jun 17, 20261w ago

7.4 CVSS 4.0

High

Published Mar 8, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVSS Details

Base Score

7.4

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

46.7% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

CWE-121

Affected Products 2

Vendor	Product	Version	Range
wavlink	wl-wn579x3-c_firmware	231124	any
wavlink	wl-wn579x3-c	*	any

References 5

dl.wavlink.com https://dl.wavlink.com/firmware/RD/WN579X3C_WAVLINK_V20260226_WO_cb3003b2.bin

Broken Link
github.com https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_17/README.md

ExploitThird Party Advisory
vuldb.com https://vuldb.com/?ctiid.349660

Permissions RequiredVDB Entry
vuldb.com https://vuldb.com/?id.349660

Third Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.765325

Third Party AdvisoryVDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.