CVE-2026-3716
Last modified
CVE-2026-3716 is a low-severity vulnerability rated 1.9/10 on the CVSS scale. A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 20260226 is able to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wavlink | Wl-Wn579x3-C Firmware | 231124 |
References
- https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_18/README.mdExploit, Third Party Advisory
- https://vuldb.com/?ctiid.349661Permissions Required, VDB Entry
- https://vuldb.com/?id.349661Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.765326Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-3716?
How severe is CVE-2026-3716?
How do I fix CVE-2026-3716?
Are you affected by CVE-2026-3716?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST