CVE-2026-6559

MEDIUM

Wavlink WL-WN579A3 login.cgi sub_401F80 cross site scripting

Title source: cna

Description

A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

References (5)

Scores

CVSS v3 4.3
EPSS 0.0003
EPSS Percentile 10.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
Wavlink/WL-WN579A3 220323
Published Apr 19, 2026
Tracked Since Apr 19, 2026