Vulnerability Description
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://dl.wavlink.com/firmware/RD/WINSTAR_WN579A3-A-2026-03-10-94f93d4-WO-mt762
- https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_10/README.md
- https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_9/README.md
- https://vuldb.com/?ctiid.351070
- https://vuldb.com/?id.351070
- https://vuldb.com/?submit.765327
- https://vuldb.com/?submit.765328
FAQ
What is CVE-2026-4163?
CVE-2026-4163 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manip...
How severe is CVE-2026-4163?
CVE-2026-4163 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-4163?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.