CVE-2026-3716 | Wavlink WL-WN579X3-C 231124 /cgi-bin/adm.cgi sub_401AD4 Hostname cross site scripting

A vulnerability labeled as problematic has been found in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting.

This vulnerability is registered as CVE-2026-3716. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The affected component should be upgraded.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-3716 | Wavlink WL-WN579X3-C 231124 /cgi-bin/adm.cgi sub_401AD4 Hostname cross site scripting

Post correlati

CVE-2024-37492 | Gutenberg Plugin up to 18.6.0 on WordPress cross site scripting

CVE-2024-57916 | Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6 GPIO IRQ generic_handle_irq denial of service

CVE-2022-4969 | bwoodsend rockhopper up to 0.1.2 Binary Parser ragged_array.c count_rows raw buffer overflow

CVE-2024-11963 | code-projects Responsive Hotel Site 1.0 /admin/room.php troom sql injection