QwikSec

Security Database

CVE

CWE

Training

CVE-2026-6559

Published: Apr 19, 2026

Modified: Apr 20, 2026

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Vendor	Product	Versions
Wavlink	WL-WN579A3	affected `220323`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

VDB-358196 | Wavlink WL-WN579A3 login.cgi sub_401F80 cross site scripting

vdb-entry

technical-description

VDB-358196 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #785303 | Wavlink WL-WN579A3 V220323 Cross Site Scripting

third-party-advisory

https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_16/README.md

broken-link

https://dl.wavlink.com/firmware/RD/WINSTAR_WN579A3-A-2026-03-10-94f93d4-WO-mt7628-squashfs-sysupgrade.bin

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.