LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-4163

CVE-2026-4163 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 16, 2026

Wavlink WL-WN579A3 - Command Injection

Published: March 16, 2026Updated: March 16, 2026Remote Exploitable

Overview

Wavlink WL-WN579A3 220323 contains a command injection caused by manipulation of SetName/GuestWifi function in /cgi-bin/wireless.cgi POST Request Handler, letting remote attackers execute arbitrary commands, exploit requires crafted POST request.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 16.1%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary commands, potentially taking full control of the device.

Mitigation

Upgrade to the latest version of the affected component.

References

Social Media Activity(6 posts)

Offensive Sequence
Offensive Sequence
@offseq
Mar 15, 2026

⚠️ CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables remote unauthenticated command injection via /cgi-bin/wireless.cgi. Exploit is public — restrict remote admin, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #Vuln #IoTSecurity

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 15, 2026

🚨 CVE-2026-4163 (CRITICAL): Wavlink WL-WN579A3 routers (v220323) have a command injection bug in /cgi-bin/wireless.cgi. Public exploit code available — restrict remote mgmt, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #infosec #routersecurity

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 15, 2026

🚨 CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables unauthenticated remote command injection via /cgi-bin/wireless.cgi. Exploit code is public — restrict remote admin & monitor traffic until patched! https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #Infosec

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 15, 2026

⚠️ CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables remote unauthenticated command injection via /cgi-bin/wireless.cgi. Exploit is public — restrict remote admin, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #Vuln #IoTSecurity

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 15, 2026

🚨 CVE-2026-4163 (CRITICAL): Wavlink WL-WN579A3 routers (v220323) have a command injection bug in /cgi-bin/wireless.cgi. Public exploit code available — restrict remote mgmt, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #infosec #routersecurity

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 15, 2026

🚨 CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables unauthenticated remote command injection via /cgi-bin/wireless.cgi. Exploit code is public — restrict remote admin & monitor traffic until patched! https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #Infosec

View original post

Related Resources

Details

CVE ID
CVE-2026-4163
Severity
Critical
CVSS Score
9.8
Type
command_injection
Status
unconfirmed
EPSS
16.1%
Social Posts
6

CWE

  • CWE-74

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

16.1%Probability of exploitation in the next 30 days