CVE-2026-3716 MEDIUM

CVE-2026-3716: Wavlink WL-WN579X3-C adm.cgi sub_401AD4 cross site scripting

Vendor Wavlink
Product WL-WN579X3-C
Weakness CWE-79 · XSS
Published March 8, 2026
Last update March 11, 2026
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 20260226 is able to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Key dates

02Disclosure timeline

March 8, 2026 CVE published
March 11, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-1359 SIAM Industria de Automação e Monitoramento qrcode.jsp cross site scripting CVE-2024-4400 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting CVE-2024-29098 WordPress WP Calameo plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability CVE-2023-36806 Contao cross site scripting vulnerability via input unit widget CVE-2022-43866 IBM Maximo Asset Management cross-site scripting