Cross-Site Scripting Vulnerability in Wavlink WL-WN579A3 Router
CVE-2026-6559

5.3MEDIUM

Key Information:

Vendor

Wavlink

Status
Wl-wn579a3
Vendor
CVE Published:
19 April 2026

What is CVE-2026-6559?

A cross-site scripting (XSS) vulnerability exists in the Wavlink WL-WN579A3 router due to improper handling of the 'Hostname' argument in the /cgi-bin/login.cgi file. This flaw allows remote attackers to execute arbitrary scripts in the context of the user's session, potentially leading to unauthorized access and data exposure. The vendor has addressed this security issue and released an upgraded version of the device to mitigate the risk. Users are strongly encouraged to update their firmware to the latest version to protect against potential exploitation.

Affected Version(s)

WL-WN579A3 220323

References

https://vuldb.com/vuln/358196
vdb-entrytechnical-description
https://vuldb.com/vuln/358196/cti
signaturepermissions-required
https://vuldb.com/submit/785303
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

LtzHust2 (VulDB User)
VulDB CNA Team
.