Platform: other
Component: vul_db
Fixed version: 231124.0.1
CVE-2026-3716 is a cross-site scripting (XSS) vulnerability affecting the Wavlink WL-WN579X3-C wireless network adapter. An attacker can exploit this flaw by manipulating the Hostname argument within the /cgi-bin/adm.cgi file, potentially leading to malicious script execution within a user's browser. This vulnerability impacts devices running versions 231124 through 20260226, but a fix is available in version 20260226.
Successful exploitation of CVE-2026-3716 allows an attacker to inject arbitrary JavaScript code into the web interface of the Wavlink WL-WN579X3-C device. This can lead to a variety of malicious outcomes, including session hijacking, credential theft, and defacement of the device's administration pages. The remote nature of the vulnerability means an attacker does not need local access to the device, significantly expanding the potential attack surface. Given the device's role in network connectivity, a compromised device could also be used as a pivot point for further attacks within the network.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The availability of a public proof-of-concept (PoC) further elevates the risk. While no active campaigns have been definitively linked to CVE-2026-3716 at the time of writing, the ease of exploitation and public availability of PoCs suggest that exploitation is possible. The vulnerability was reported and addressed promptly by the vendor, demonstrating a positive security response.
Small and medium-sized businesses (SMBs) and home users relying on Wavlink WL-WN579X3-C wireless adapters are at risk. Organizations with legacy network configurations or those using the device in environments with limited security controls are particularly vulnerable. Shared hosting environments where multiple users share the same device could also be impacted.
• linux / server: Monitor access logs for requests to /cgi-bin/adm.cgi containing unusual characters or patterns in the Hostname parameter. Use grep to search for suspicious input.
grep 'suspicious_pattern' /var/log/nginx/access.log
• generic web: Use curl to test the /cgi-bin/adm.cgi endpoint with various payloads in the Hostname parameter. Look for reflected input in the response.
curl 'http://<device_ip>/cgi-bin/adm.cgi?Hostname=<xss_payload>' -v
disclosure
patch
Exploit status
EPSS: 0.03% (7th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-3716 is to upgrade the Wavlink WL-WN579X3-C firmware to version 20260226 or later. If an immediate upgrade is not possible due to compatibility issues or downtime concerns, consider implementing strict input validation on the Hostname parameter within the /cgi-bin/adm.cgi file. While not a complete solution, this can reduce the attack surface. Web application firewalls (WAFs) configured to detect and block XSS payloads targeting the /cgi-bin/adm.cgi endpoint can also provide a layer of defense. Monitor device logs for unusual activity, particularly requests containing suspicious characters in the Hostname parameter.
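Added example, not code from the advisory or from Wavlink: a Python stand-in for the grep step in the detection section that parses constructed access-log lines, percent-decodes the Hostname parameter of /cgi-bin/adm.cgi requests and flags values that contain markup or fail a strict RFC 1123 hostname check; that same check is the kind of allow-list validation the mitigation above recommends. The log format, the sample lines and all function names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# RFC 1123 label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Tokens that never belong in a hostname and are typical of injected markup.
XSS_HINT_RE = re.compile(r"[<>\"'`]|javascript:|on\w+\s*=", re.IGNORECASE)
# Combined-log-style line (constructed format): client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) \S+" \d{3}')

def is_valid_hostname(value: str) -> bool:
    """Strict allow-list check for the Hostname parameter (RFC 1123 shape)."""
    if not value or len(value) > 253:
        return False
    return all(LABEL_RE.match(label) for label in value.split("."))

def classify_request(target: str):
    """Return (decoded Hostname, verdict) for an adm.cgi request, else None."""
    parts = urlsplit(target)
    if parts.path != "/cgi-bin/adm.cgi":
        return None
    # parse_qs percent-decodes, so encoded payloads are inspected in clear form.
    values = parse_qs(parts.query, keep_blank_values=True).get("Hostname")
    if not values:
        return None
    hostname = values[0]
    if XSS_HINT_RE.search(hostname):
        return hostname, "xss-markup"
    if not is_valid_hostname(hostname):
        return hostname, "invalid-hostname"
    return hostname, "ok"

def scan_access_log(lines):
    """Return (client ip, decoded Hostname, verdict) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            result = classify_request(m.group("target"))
            if result and result[1] != "ok":
                findings.append((m.group("ip"), result[0], result[1]))
    return findings

# Constructed sample lines: benign value, percent-encoded script tag, space in value, unrelated path.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2026:10:00:00 +0000] "GET /cgi-bin/adm.cgi?page=status&Hostname=office-ap HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Mar/2026:10:00:05 +0000] "GET /cgi-bin/adm.cgi?Hostname=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Mar/2026:10:00:09 +0000] "GET /cgi-bin/adm.cgi?Hostname=bad%20host HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Mar/2026:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Calling scan_access_log(SAMPLE_LOG) returns the two flagged entries and ignores the benign and unrelated requests. Access logs only carry the query string, so a Hostname value sent in a POST body needs request-body logging or a WAF in front of the device to be seen.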
Update the firmware of the Wavlink WL-WN579X3-C device to version 20260226 or later to fix the cross-site scripting (XSS) vulnerability. Download the updated firmware from the vendor's official website and install it following the provided instructions.
CVE-2026-3716 is a cross-site scripting (XSS) vulnerability in the Wavlink WL-WN579X3-C device, allowing attackers to inject malicious scripts via the Hostname parameter in /cgi-bin/adm.cgi.
You are affected if your Wavlink WL-WN579X3-C device is running version 231124 through 20260226. Upgrade to version 20260226 to mitigate the risk.
Upgrade the Wavlink WL-WN579X3-C firmware to version 20260226 or later. Implement input validation on the Hostname parameter as a temporary workaround.
While no confirmed active campaigns are known, the vulnerability is publicly disclosed and a PoC exists, increasing the risk of exploitation.
Contact Wavlink directly for the official advisory regarding CVE-2026-3716. The vendor responded professionally and quickly released a fixed version.