CVE-2026-5004 | Wavlink WL-WN579X3-C 231124 UPNP /cgi-bin/firewall.cgi sub_4019FC UpnpEnabled stack-based overflow

A vulnerability described as critical has been identified in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow.

This vulnerability is registered as CVE-2026-5004. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5004 | Wavlink WL-WN579X3-C 231124 UPNP /cgi-bin/firewall.cgi sub_4019FC UpnpEnabled stack-based overflow

Post correlati

CVE-2024-6416 | SeaCMS 12.9 cid sql injection

CVE-2025-11100 | D-Link DIR-823X 250416 set_wifi_blacklists uci_set command injection

CVE-2025-13604 | CleanTalk Login Security, FireWall, Malware removal by CleanTalk Plugin cross site scripting

CVE-2024-21972 | AMD Software Adrenalin Edition/Software Pro Edition User Mode Driver for DirectX 11 out-of-bounds write