Description
A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-04-19
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Cross Site Scripting
Action: Patch Now
AI Analysis

Impact

The vulnerability lies in the sub_401F80 function of /cgi-bin/login.cgi in Wavlink WL-WN579A3 firmware 220323. An attacker can manipulate the Hostname argument, causing the script to be executed in the victim’s browser. This enables malicious code execution within the context of the web interface, potentially leading to data theft or session hijacking. The weakness is an unchecked input that is reflected in the response, classifying it under CWE‑79 and the associated code evaluation abuse listed as CWE‑94.

Affected Systems

The issue affects the Wavlink WL‑WN579A3 router running firmware version 220323. All devices that have not applied the vendor’s patch are exposed.

Risk and Exploitability

The CVSS score of 5.3 points to moderate impact; EPSS is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw is exploitable remotely via the HTTP interface, an attacker only needs to send a crafted request to the login.cgi endpoint. The exploit does not require elevated privileges on the device, making it broadly available to anyone able to reach the router’s web interface.

Generated by OpenCVE AI on April 19, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to the fixed version released by Wavlink
  • Restrict administrative interface access to trusted networks or enforce firewall rules that limit exposure
  • Validate and sanitize the Hostname input parameter to prevent reflected cross site scripting

Generated by OpenCVE AI on April 19, 2026 at 06:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 19 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink wl-wn579a3
Vendors & Products Wavlink wl-wn579a3

Sun, 19 Apr 2026 05:45:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Title Wavlink WL-WN579A3 login.cgi sub_401F80 cross site scripting
First Time appeared Wavlink
Wavlink wl-wn579a3 Firmware
Weaknesses CWE-79
CWE-94
CPEs cpe:2.3:o:wavlink:wl-wn579a3_firmware:*:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-wn579a3 Firmware
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:ND/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Wavlink Wl-wn579a3 Wl-wn579a3 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-19T05:15:15.503Z

Reserved: 2026-04-18T15:51:51.155Z

Link: CVE-2026-6559

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-19T06:16:10.437

Modified: 2026-04-19T06:16:10.437

Link: CVE-2026-6559

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-19T06:30:05Z

Weaknesses