Platform
linux
Component
wavlink-wl-wn579a3
Fixed in
220323.0.1
A cross-site scripting (XSS) vulnerability has been discovered in the Wavlink WL-WN579A3 wireless adapter, specifically version 220323. This flaw allows an attacker to inject malicious scripts into the device's web interface, potentially leading to unauthorized access and data theft. The vulnerability resides within the sub_401F80 function of the /cgi-bin/login.cgi file, triggered by manipulating the Hostname argument. A fixed version is now available from the vendor.
Successful exploitation of CVE-2026-6559 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Wavlink WL-WN579A3 device's web interface. This can lead to various malicious actions, including session hijacking, credential theft (if login credentials are stored or transmitted insecurely), and defacement of the device's web pages. The attacker could potentially gain control of the device and use it as a pivot point to attack other systems on the network. While the vulnerability is remote, it requires the attacker to be able to access the device's web interface, typically via a network connection.
CVE-2026-6559 was publicly disclosed on 2026-04-19. The vendor responded promptly and released a patch. There are currently no publicly available proof-of-concept (PoC) exploits. The vulnerability is not listed in the CISA KEV catalog at the time of writing. The relatively low CVSS score suggests a moderate exploitation probability.
Small businesses and home users who rely on the Wavlink WL-WN579A3 wireless adapter for network connectivity are at risk. Environments where the device is used as a gateway or access point, potentially exposing internal network resources, face a higher level of risk. Users who have not updated their device's firmware are particularly vulnerable.
• linux / server:
journalctl -u wlan_service | grep -i "login.cgi"
• generic web:
curl -I "http://<device_ip>/cgi-bin/login.cgi" | grep Hostname
Exploit status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-6559 is to upgrade the Wavlink WL-WN579A3 firmware to the fixed version released by the vendor. Since the vulnerability is in a web interface, consider implementing stricter input validation and output encoding on the device's web server to prevent future XSS attacks. If upgrading is not immediately possible, restrict access to the device's web interface using a firewall or access control list (ACL) to limit potential attackers. Monitor network traffic for suspicious activity targeting the device’s login page.
Update the Wavlink WL-WN579A3 device to the fixed version provided by the vendor. For more information on updating the firmware, see the vendor's documentation or website.
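The input validation and output encoding recommended in the mitigation above, sketched for a host name field handled by a C CGI program. This is an added example, not Wavlink's code or the vendor's fix; the function names and the choice of RFC 1123 host name rules are assumptions, since the page does not describe how login.cgi processes Hostname.

```c
#include <stddef.h>
#include <string.h>

static int ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/* Allow-list validation (assumed policy: RFC 1123 host name). Returns 1 if valid. */
int hostname_is_valid(const char *s)
{
    size_t total = strlen(s), label = 0;
    if (total == 0 || total > 253)
        return 0;
    for (size_t i = 0; i < total; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')
                return 0;               /* empty label or label ending in '-' */
            label = 0;
        } else if (ascii_alnum(c) || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;               /* label too long */
        } else {
            return 0;                   /* markup, quotes, spaces, non-ASCII */
        }
    }
    return label > 0 && s[total - 1] != '-';
}

/* Output encoding for HTML text/attribute context. Fails closed: -1 and dst = "". */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t out = 0;
    if (cap == 0)
        return -1;
    for (; *src; src++) {
        const char *rep = *src == '&' ? "&amp;" : *src == '<' ? "&lt;" :
                          *src == '>' ? "&gt;" : *src == '"' ? "&quot;" :
                          *src == '\'' ? "&#39;" : NULL;
        size_t n = rep ? strlen(rep) : 1;
        if (out + n >= cap) { dst[0] = '\0'; return -1; }  /* keep room for NUL */
        memcpy(dst + out, rep ? rep : src, n);
        out += n;
    }
    dst[out] = '\0';
    return 0;
}
```

Validation belongs where the value is accepted and escaping where it is written into a page; applying both means a gap in one does not by itself reintroduce the reflection.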
CVE-2026-6559 is a cross-site scripting vulnerability in the Wavlink WL-WN579A3 version 220323, allowing attackers to inject malicious scripts via the Hostname parameter in /cgi-bin/login.cgi.
If you are using Wavlink WL-WN579A3 version 220323 and have not upgraded to the latest firmware, you are potentially affected by this vulnerability.
Upgrade your Wavlink WL-WN579A3 firmware to the patched version released by the vendor. Check the Wavlink website for the latest firmware.
There is currently no evidence of CVE-2026-6559 being actively exploited, but the vulnerability's nature makes it a potential target.
Refer to the Wavlink website for the latest security advisories and firmware updates related to CVE-2026-6559.