Sign-up

ID

VAR-202602-1984


CVE

CVE-2026-2530


TITLE

WAVLINK of WL-WN579A3  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004088

DESCRIPTION

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. All information handled by the software may be rewritten. Furthermore, the software may stop working completely

Trust: 1.62

sources: NVD: CVE-2026-2530 // JVNDB: JVNDB-2026-004088

AFFECTED PRODUCTS

vendor:wavlinkmodel:wl-wn579a3scope:lteversion:2021-02-19

Trust: 1.0

vendor:wavlinkmodel:wl-wn579a3scope:lteversion:wl-wn579a3 firmware 2021-02-19 and earlier

Trust: 0.8

vendor:wavlinkmodel:wl-wn579a3scope: - version: -

Trust: 0.8

vendor:wavlinkmodel:wl-wn579a3scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004088 // NVD: CVE-2026-2530

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2530
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-2530
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-004088
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2530
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-004088
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2530
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-2530
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-004088
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004088 // NVD: CVE-2026-2530 // NVD: CVE-2026-2530

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004088 // NVD: CVE-2026-2530

PATCH

title:Submit #748077url:https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/AddMac.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-004088

EXTERNAL IDS

db:NVDid:CVE-2026-2530

Trust: 2.6

db:VULDBid:346118

Trust: 1.0

db:JVNDBid:JVNDB-2026-004088

Trust: 0.8

sources: JVNDB: JVNDB-2026-004088 // NVD: CVE-2026-2530

REFERENCES

url:https://vuldb.com/?submit.748077

Trust: 1.0

url:https://vuldb.com/?id.346118

Trust: 1.0

url:https://github.com/mradera/iot-vuls/blob/main/wavlink/wn579a3/addmac.md

Trust: 1.0

url:https://vuldb.com/?ctiid.346118

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2530

Trust: 0.8

sources: JVNDB: JVNDB-2026-004088 // NVD: CVE-2026-2530

SOURCES

db:JVNDBid:JVNDB-2026-004088
db:NVDid:CVE-2026-2530

LAST UPDATE DATE

2026-02-21T23:30:21.786000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-004088date:2026-02-20T02:19:00
db:NVDid:CVE-2026-2530date:2026-02-18T19:43:36.320

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-004088date:2026-02-20T00:00:00
db:NVDid:CVE-2026-2530date:2026-02-16T04:15:51.677