CVE-2026-3715
Published: 08 March 2026
Summary
CVE-2026-3715 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Wavlink Wl-Wn579X3-C Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-3715 is a stack-based buffer overflow vulnerability in the Wavlink WL-WN579X3-C router firmware version 231124. The issue resides in the sub_40139C function within the /cgi-bin/firewall.cgi script, where manipulation of the del_flag argument triggers the overflow. This flaw, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.
The vulnerability can be exploited remotely by an attacker with low privileges, such as an authenticated user on the network. By sending a specially crafted request to the firewall.cgi endpoint, the attacker can overflow the stack, potentially leading to arbitrary code execution, data corruption, or denial of service. The public availability of an exploit further elevates the risk for unpatched devices.
Mitigation involves upgrading to firmware version 20260226, available from the vendor at https://dl.wavlink.com/firmware/RD/WN579X3C_WAVLINK_V20260226_WO_cb3003b2.bin. The vendor was notified early, responded professionally, and promptly released the fixed version. Additional details, including a proof-of-concept, are documented on VulDB (https://vuldb.com/?ctiid.349660, https://vuldb.com/?id.349660) and GitHub (https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_17/README.md).
An exploit has been publicly disclosed, increasing the likelihood of active targeting against exposed Wavlink routers.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10221
Vulnerability details
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has…
more
been made public and could be used. Upgrading to version 20260226 is able to mitigate this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in router web CGI (firewall.cgi) enables remote authenticated RCE on a network device, directly mapping to T1190 for exploiting the public-facing management application and T1068 for privilege escalation from low-priv credentials to arbitrary code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Mandates timely remediation of identified vulnerabilities, such as applying the vendor's firmware upgrade to eliminate the stack-based buffer overflow.
Requires validation of inputs like the del_flag argument to prevent buffer overflows from specially crafted requests to firewall.cgi.
Implements memory protections such as stack guards or canaries to mitigate stack-based buffer overflow exploitation attempts.