Vulnerability Description
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wavlink | Wl-Wn579X3-C Firmware | 231124 |
| Wavlink | Wl-Wn579X3-C | - |
Related Weaknesses (CWE)
References
- https://dl.wavlink.com/firmware/RD/WN579X3C_WAVLINK_V20260226_WO_cb3003b2.binBroken Link
- https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_17/README.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.349660Permissions RequiredVDB Entry
- https://vuldb.com/?id.349660Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.765325Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-3715?
CVE-2026-3715 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-ba...
How severe is CVE-2026-3715?
CVE-2026-3715 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3715?
Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wl-Wn579X3-C Firmware, Wavlink Wl-Wn579X3-C.