CVE-2026-4163

Wavlink · WL-WN579A3

A command injection vulnerability in the SetName/GuestWifi function of Wavlink WL-WN579A3 firmware allows remote attackers to execute arbitrary commands via POST requests.

Executive summary

Wavlink WL-WN579A3 routers are vulnerable to a critical remote command injection flaw that allows attackers to take full control of the device.

Vulnerability

The vulnerability is located in the SetName/GuestWifi function within /cgi-bin/wireless.cgi. By manipulating POST requests, a remote attacker can bypass input validation and execute arbitrary system commands on the device.

Business impact

A successful exploit allows an attacker to intercept network traffic, change DNS settings, or enlist the device into a botnet. With a CVSS score of 9.8, the severity is Critical: the flaw compromises the gateway of the local network, potentially exposing all connected devices to further attacks.

Remediation

Immediate Action: Upgrade the Wavlink WL-WN579A3 firmware to the latest available version.

Proactive Monitoring: Check router logs for suspicious POST requests directed at /cgi-bin/wireless.cgi and monitor for unauthorized changes to Wi-Fi configurations.

Compensating Controls: Disable remote management interfaces and ensure that the administrative interface is not accessible from the public internet.
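The monitoring step above can be scripted as a log triage pass; the following is an added example, not code from Wavlink or from the advisory's author. It assumes a request log (for instance from a proxy or capture in front of the router) with one line per request in the form `time source-ip method path body`, an assumed LAN range of 192.168.10.0/24, and placeholder field names `FIELD_A`/`FIELD_B` that are not the device's real parameter names.

```python
import ipaddress
import re
from urllib.parse import parse_qsl

TARGET = "/cgi-bin/wireless.cgi"                 # endpoint named in the advisory
LAN = ipaddress.ip_network("192.168.10.0/24")    # assumption: the local admin network
# Heuristic: characters a shell treats specially. A legitimate SSID can contain
# some of them (e.g. "&"), so a hit means "review this request", not "compromised".
SHELL_META = re.compile(r"[;|&`$<>\r\n]")

# Constructed sample lines (assumed format: time, source IP, method, path, body).
# FIELD_A / FIELD_B are placeholders, not real firmware parameter names.
SAMPLE_LOG = """\
2026-01-10T09:14:02Z 192.168.10.23 POST /cgi-bin/wireless.cgi FIELD_A=HomeGuest&FIELD_B=1
2026-01-10T09:15:40Z 192.168.10.23 GET /cgi-bin/wireless.cgi -
2026-01-10T11:02:17Z 203.0.113.50 POST /cgi-bin/wireless.cgi FIELD_A=Cafe&FIELD_B=1
2026-01-10T11:02:19Z 192.168.10.77 POST /cgi-bin/wireless.cgi FIELD_A=Guest%3Bexample&FIELD_B=1
2026-01-10T11:05:00Z 192.168.10.23 POST /cgi-bin/login.cgi FIELD_A=a%3Bb
"""

def triage(log_text, lan=LAN):
    """Return (time, source, reasons) for each POST to TARGET that needs review."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue                              # not in the assumed format
        ts, src, method, path, body = parts
        if method != "POST" or path.split("?", 1)[0] != TARGET:
            continue                              # only POSTs to the affected CGI
        reasons = []
        try:
            if ipaddress.ip_address(src) not in lan:
                reasons.append("source outside LAN")
        except ValueError:
            reasons.append("unparseable source address")
        # parse_qsl URL-decodes values, so encoded metacharacters are caught too
        for name, value in parse_qsl(body, keep_blank_values=True):
            if SHELL_META.search(value):
                reasons.append(f"shell metacharacter in field {name}")
        if reasons:
            findings.append((ts, src, reasons))
    return findings

if __name__ == "__main__":
    for ts, src, reasons in triage(SAMPLE_LOG):
        print(ts, src, "; ".join(reasons))
```

A request from outside the LAN range also indicates that the administrative interface is reachable from where it should not be, which ties back to the compensating control above.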

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

Because a public exploit exists, this vulnerability must be remediated with the highest urgency. Administrators should flash the updated firmware immediately and verify that the device has not already been compromised by checking for unauthorized persistent scripts.