Cyber Resilience

CVE-2026-3715

HighPublic PoC

Published: 08 March 2026

Published
08 March 2026
Modified
10 March 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0066 46.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-3715 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Wavlink Wl-Wn579X3-C Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-3715 is a stack-based buffer overflow vulnerability in the Wavlink WL-WN579X3-C router firmware version 231124. The issue resides in the sub_40139C function within the /cgi-bin/firewall.cgi script, where manipulation of the del_flag argument triggers the overflow. This flaw, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

The vulnerability can be exploited remotely by an attacker with low privileges, such as an authenticated user on the network. By sending a specially crafted request to the firewall.cgi endpoint, the attacker can overflow the stack, potentially leading to arbitrary code execution, data corruption, or denial of service. The public availability of an exploit further elevates the risk for unpatched devices.

Mitigation involves upgrading to firmware version 20260226, available from the vendor at https://dl.wavlink.com/firmware/RD/WN579X3C_WAVLINK_V20260226_WO_cb3003b2.bin. The vendor was notified early, responded professionally, and promptly released the fixed version. Additional details, including a proof-of-concept, are documented on VulDB (https://vuldb.com/?ctiid.349660, https://vuldb.com/?id.349660) and GitHub (https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_17/README.md).

An exploit has been publicly disclosed, increasing the likelihood of active targeting against exposed Wavlink routers.

EU & UK References

Vulnerability details

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has…

more

been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack-based buffer overflow in router web CGI (firewall.cgi) enables remote authenticated RCE on a network device, directly mapping to T1190 for exploiting the public-facing management application and T1068 for privilege escalation from low-priv credentials to arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5004Same product: Wavlink Wl-Wn579X3-C
CVE-2026-4861Same vendor: Wavlink
CVE-2026-3613Same vendor: Wavlink
CVE-2026-2567Same vendor: Wavlink
CVE-2024-39359Same vendor: Wavlink
CVE-2024-36258Same vendor: Wavlink
CVE-2024-39757Same vendor: Wavlink
CVE-2024-39603Same vendor: Wavlink
CVE-2024-37357Same vendor: Wavlink
CVE-2024-39802Same vendor: Wavlink

Affected Assets

wavlink
wl-wn579x3-c firmware
231124

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates timely remediation of identified vulnerabilities, such as applying the vendor's firmware upgrade to eliminate the stack-based buffer overflow.

prevent

Requires validation of inputs like the del_flag argument to prevent buffer overflows from specially crafted requests to firewall.cgi.

prevent

Implements memory protections such as stack guards or canaries to mitigate stack-based buffer overflow exploitation attempts.

References