Scan free
MEDIUMCVE-2026-6559CVSS 4.3

CVE-2026-6559: XSS in Wavlink WL-WN579A3

Platform

linux

Component

wavlink-wl-wn579a3

Fixed in

220323.0.1

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026
View on NVD
Save

A cross-site scripting (XSS) vulnerability has been discovered in the Wavlink WL-WN579A3 wireless adapter, specifically version 220323. This flaw allows attackers to inject malicious scripts into the device's web interface, potentially leading to unauthorized access and data theft. The vulnerability resides in the handling of the Hostname argument within the /cgi-bin/login.cgi file. The vendor has acknowledged the issue and released a patched version.

Impact and Attack Scenarios

Successful exploitation of CVE-2026-6559 enables an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Wavlink WL-WN579A3 device's web interface. This can be leveraged to steal session cookies, redirect users to malicious websites, or deface the device's login page. Given the device's role as a network adapter, a compromised device could potentially be used as a pivot point to attack other devices on the same network, expanding the attack surface. The impact is amplified if the device is used in environments with sensitive data or critical infrastructure.

Exploitation Context

This vulnerability was publicly disclosed on 2026-04-19. The vendor responded promptly and released a patch. There is no indication of this vulnerability being actively exploited at this time, nor is it listed on the CISA KEV catalog. Public proof-of-concept exploits are not currently available, but the vulnerability's nature makes it likely that one will emerge.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh
Reports1 threat report

EPSS

0.03% (10% percentile)

CISA SSVC

Exploitationnone
Automatableno
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C4.3MEDIUMAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionRequiredWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityNoneRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
None — no confidentiality impact. Attacker cannot read protected data.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentwavlink-wl-wn579a3
VendorWavlink
Affected rangeFixed in
220323 – 220323220323.0.1

Weakness Classification (CWE)

CWE-79CWE-94

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 35 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-6559 is to upgrade the Wavlink WL-WN579A3 firmware to the patched version released by the vendor. Since a specific version is not provided, check the Wavlink website for the latest firmware. If upgrading is not immediately feasible, consider implementing strict input validation on the Hostname parameter within the /cgi-bin/login.cgi script to prevent malicious input. While a WAF might offer some protection, it's unlikely to be effective against this type of vulnerability without specific rules tailored to the device's web interface. After upgrading, verify the fix by attempting to inject a simple XSS payload (e.g., <script>alert('XSS')</script>) into the Hostname field and confirming that the script is not executed.

How to fix

Update the Wavlink WL-WN579A3 device to the corrected version provided by the manufacturer. Refer to the manufacturer's documentation or website for specific instructions on how to update the firmware.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-6559 — XSS in Wavlink WL-WN579A3?

CVE-2026-6559 is a cross-site scripting vulnerability in the Wavlink WL-WN579A3 version 220323, allowing attackers to inject malicious scripts via the Hostname parameter in /cgi-bin/login.cgi.

Am I affected by CVE-2026-6559 in Wavlink WL-WN579A3?

If you are using Wavlink WL-WN579A3 version 220323 and have not upgraded to the latest firmware, you are potentially affected by this vulnerability.

How do I fix CVE-2026-6559 in Wavlink WL-WN579A3?

Upgrade your Wavlink WL-WN579A3 firmware to the patched version released by the vendor. Check the Wavlink website for the latest firmware.

Is CVE-2026-6559 being actively exploited?

There is currently no evidence of CVE-2026-6559 being actively exploited, but the vulnerability's nature makes it a potential target.

Where can I find the official Wavlink advisory for CVE-2026-6559?

Refer to the Wavlink website for the latest security advisories and firmware updates related to CVE-2026-6559.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs