Aggregator

A vulnerability identified as critical has been detected in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. This vulnerability is tracked as CVE-2026-2530. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. This vulnerability is identified as CVE-2026-2529. The attack can be executed remotely. There is not any exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. It has been rated as critical. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to command injection. This vulnerability is referenced as CVE-2026-2528. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. It has been declared as critical. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The identification of this vulnerability is CVE-2026-2527. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. It has been classified as critical. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. This vulnerability was named CVE-2026-2526. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #748219 / VDB-346119

Submit #748077 / VDB-346118

Submit #748076 / VDB-346117

Submit #748075 / VDB-346116

Submit #748074 / VDB-346115

Submit #748073 / VDB-346114

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: United Airlines CISO on building resilience when disruption is inevitable In this Help Net Security interview, Deneen DeFiore, VP and CISO at United Airlines, explains how the company approaches modernization without compromising safety-critical environments, why resilience and continuity matter as much as prevention, and how the airline manages risk across an interconnected ecosystem of vendors, partners, and infrastructure providers. What … More →

The post Week in review: Exploited newly patched BeyondTrust RCE, United Airlines CISO on building resilience appeared first on Help Net Security.

Submit #746919 / VDB-341601

A vulnerability was found in Free5GC up to 4.1.0 and classified as problematic. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-2525. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in Open5GS 2.7.6 and classified as problematic. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. This vulnerability is handled as CVE-2026-2524. The attack can be initiated remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

Submit #739509 / VDB-346113

A vulnerability, which was classified as problematic, was found in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. This vulnerability is known as CVE-2026-2523. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2026-2522. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #738369 / VDB-346112

A vulnerability classified as critical was found in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corruption. This vulnerability appears as CVE-2026-2521. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.