Sign-up

ID

VAR-202602-1992


CVE

CVE-2026-2526


TITLE

WAVLINK of WL-WN579A3  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004092

DESCRIPTION

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. SSID2G2 This vulnerability can be exploited by manipulating the .ini file. Exploit code for this vulnerability is publicly available and can be exploited in the wild. We notified the vendor early on, but no action has been taken.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2526 // JVNDB: JVNDB-2026-004092

AFFECTED PRODUCTS

vendor:wavlinkmodel:wl-wn579a3scope:lteversion:2021-02-19

Trust: 1.0

vendor:wavlinkmodel:wl-wn579a3scope:lteversion:wl-wn579a3 firmware 2021-02-19 and earlier

Trust: 0.8

vendor:wavlinkmodel:wl-wn579a3scope: - version: -

Trust: 0.8

vendor:wavlinkmodel:wl-wn579a3scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004092 // NVD: CVE-2026-2526

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2526
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-2526
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-004092
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2526
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-004092
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2526
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-2526
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-004092
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004092 // NVD: CVE-2026-2526 // NVD: CVE-2026-2526

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004092 // NVD: CVE-2026-2526

PATCH

title:Submit #748073url:https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/multi_ssid.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-004092

EXTERNAL IDS

db:NVDid:CVE-2026-2526

Trust: 2.6

db:VULDBid:346114

Trust: 1.0

db:JVNDBid:JVNDB-2026-004092

Trust: 0.8

sources: JVNDB: JVNDB-2026-004092 // NVD: CVE-2026-2526

REFERENCES

url:https://github.com/mradera/iot-vuls/blob/main/wavlink/wn579a3/multi_ssid.md

Trust: 1.0

url:https://vuldb.com/?submit.748073

Trust: 1.0

url:https://vuldb.com/?id.346114

Trust: 1.0

url:https://vuldb.com/?ctiid.346114

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2526

Trust: 0.8

sources: JVNDB: JVNDB-2026-004092 // NVD: CVE-2026-2526

SOURCES

db:JVNDBid:JVNDB-2026-004092
db:NVDid:CVE-2026-2526

LAST UPDATE DATE

2026-02-21T23:17:28.078000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-004092date:2026-02-20T02:19:00
db:NVDid:CVE-2026-2526date:2026-02-18T19:07:21.820

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-004092date:2026-02-20T00:00:00
db:NVDid:CVE-2026-2526date:2026-02-16T02:16:06.423