Description
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-03-08
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow occurs in the sub_40139C function of /cgi-bin/firewall.cgi when the del_flag argument is manipulated. The flaw is a classic CWE-119 (Buffer Overflow) and, because the corruption occurs on the stack, is also identified as CWE-121 (Stack Smashing). If successfully exploited, an adversary could execute arbitrary code on the device, or cause a denial of service by crashing the firewall service. The vulnerability is exposed through a remote request to the CGI interface, making it reachable from outside the local network.

Affected Systems

The affected devices are Wavlink WL-WN579X3-C routers running firmware version 231124. The vendor released an updated firmware build, 20260226, that eliminates the flaw.

Risk and Exploitability

The CVSS score of 8.7 classifies this issue as high severity. The EPSS score of less than 1% indicates a low probability of exploitation at present, but the flaw is publicly documented and remote in nature. The vulnerability is not listed in the CISA KEV catalog, but the existence of a public exploit means successful attacks are possible. A remote attacker could trigger the overflow by sending a specially crafted request to /cgi-bin/firewall.cgi with a tampered del_flag value, potentially gaining code execution on the device if the exploit payload takes advantage of the corrupted stack.

Generated by OpenCVE AI on April 16, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to version 20260226, which removes the vulnerable code path.
  • If remote management of the firewall CGI is not required, disable or block external access to /cgi-bin/firewall.cgi in the device's firewall settings.
  • Implement network segmentation or isolate the management interface from untrusted networks, and monitor logs for anomalous firewall.cgi requests indicative of exploitation attempts.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wavlink wl-wn579x3-c Firmware
CPEs | | cpe:2.3:h:wavlink:wl-wn579x3-c:-:*:*:*:*:*:*:*; cpe:2.3:o:wavlink:wl-wn579x3-c_firmware:231124:*:*:*:*:*:*:*
Vendors & Products | | Wavlink wl-wn579x3-c Firmware

Mon, 09 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wavlink; Wavlink wl-wn579x3-c
Vendors & Products | | Wavlink; Wavlink wl-wn579x3-c

Sun, 08 Mar 2026 06:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Title | | Wavlink WL-WN579X3-C firewall.cgi sub_40139C stack-based overflow
Weaknesses | | CWE-119; CWE-121
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-11T13:48:43.677Z

Reserved: 2026-03-07T11:03:30.268Z

Link: CVE-2026-3715

Vulnrichment

Updated: 2026-03-11T13:48:35.639Z

NVD

Status: Analyzed

Published: 2026-03-08T07:16:13.543

Modified: 2026-03-10T18:55:03.883

Link: CVE-2026-3715

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:30:13Z

Weaknesses