Sign-up

ID

VAR-202602-1956


CVE

CVE-2026-2528


TITLE

WAVLINK of WL-WN579A3  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004090

DESCRIPTION

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was notified early on, but no action was taken.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2528 // JVNDB: JVNDB-2026-004090

AFFECTED PRODUCTS

vendor:wavlinkmodel:wl-wn579a3scope:lteversion:2021-02-19

Trust: 1.0

vendor:wavlinkmodel:wl-wn579a3scope:lteversion:wl-wn579a3 firmware 2021-02-19 and earlier

Trust: 0.8

vendor:wavlinkmodel:wl-wn579a3scope: - version: -

Trust: 0.8

vendor:wavlinkmodel:wl-wn579a3scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004090 // NVD: CVE-2026-2528

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2528
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-2528
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-004090
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-2528
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-004090
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2528
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-2528
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-004090
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004090 // NVD: CVE-2026-2528 // NVD: CVE-2026-2528

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004090 // NVD: CVE-2026-2528

PATCH

title:Submit #748075url:https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/Delete_Mac_list.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-004090

EXTERNAL IDS

db:NVDid:CVE-2026-2528

Trust: 2.6

db:VULDBid:346116

Trust: 1.0

db:JVNDBid:JVNDB-2026-004090

Trust: 0.8

sources: JVNDB: JVNDB-2026-004090 // NVD: CVE-2026-2528

REFERENCES

url:https://vuldb.com/?id.346116

Trust: 1.0

url:https://github.com/mradera/iot-vuls/blob/main/wavlink/wn579a3/delete_mac_list.md

Trust: 1.0

url:https://vuldb.com/?submit.748075

Trust: 1.0

url:https://vuldb.com/?ctiid.346116

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2528

Trust: 0.8

sources: JVNDB: JVNDB-2026-004090 // NVD: CVE-2026-2528

SOURCES

db:JVNDBid:JVNDB-2026-004090
db:NVDid:CVE-2026-2528

LAST UPDATE DATE

2026-02-21T23:33:15.587000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-004090date:2026-02-20T02:19:00
db:NVDid:CVE-2026-2528date:2026-02-18T20:04:38.627

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-004090date:2026-02-20T00:00:00
db:NVDid:CVE-2026-2528date:2026-02-16T02:16:06.807