Critical Vulnerability Information Vulnerability Summary CVE ID: CVE-2026-2530 CVSS Score - Meta Score: 6.9 - CVSSv3: 6.3 - CVSSv2: 5.7 Vulnerability Details Affected Device: Wavlink WL-WN579A3 up to 20210219 Vulnerability Type: Command Injection Impact: Manipulation of the parameter leads to command injection attacks against the function in the file. CVSS Assessment: - Such an operation enables remote exploitation, and a proof-of-concept exploit is available. Vulnerability Timeline Disclosure Date: February 15, 2025 VulDB Entry Created: February 15, 2025 VulDB Entry Last Updated: February 20, 2025 Incident Progress The vulnerability has been classified as "critical", allowing attackers to perform remote command injection via uncontrolled external input. The vulnerability is recorded as CVE-2026-2530 and has been officially authorized by the CVE Program to manage related attack vectors, including AI-based threat patterns (e.g., MITRE T120). Other Key Points Vendor Non-Response: Although the vendor was notified in advance, no response was received regarding the disclosure. Public Exploit: A proof-of-concept (PoC) exploit is available on GitHub: public exploit. Market Value: The current market price for this vulnerability ranges from $0 to $5000. Threat Intelligence Score: 1.43, indicating that the vulnerability has moderate appeal in real-world attack scenarios.