CVE-2026-5004 identifies a stack-based buffer overflow vulnerability in the Wavlink WL-WN579X3-C router, version 231124. The flaw exists in the UPNP Handler component, specifically within the /cgi-bin/firewall.cgi script's sub_4019FC function. The vulnerability is triggered by manipulating the UpnpEnabled argument, which is improperly validated, leading to a stack buffer overflow. This overflow can be exploited remotely over the network without requiring authentication or user interaction, increasing the attack surface. The vulnerability's CVSS 4.0 score is 8.7 (high), reflecting its ease of exploitation (network attack vector, low complexity), and severe impact on confidentiality, integrity, and availability. The overflow could allow attackers to execute arbitrary code, potentially taking full control of the device or disrupting its operation. The vendor was notified early but has not issued any patches or advisories, leaving affected devices exposed. No known exploits in the wild have been reported yet, but public disclosure increases the risk of exploitation by threat actors. The vulnerability affects only the specified firmware version 231124, so other versions may not be vulnerable. The lack of vendor response and patch availability necessitates immediate defensive measures by users and administrators.

The vulnerability poses a significant risk to organizations relying on the Wavlink WL-WN579X3-C router for network connectivity. Successful exploitation can lead to remote code execution, enabling attackers to gain unauthorized access, disrupt network services, or pivot to internal networks. Confidentiality is at risk as attackers could intercept or manipulate network traffic. Integrity could be compromised by altering device configurations or injecting malicious code. Availability may be impacted through denial-of-service conditions caused by crashes or resource exhaustion. Given the device's role in home and small business networks, exploitation could facilitate broader attacks on connected systems. The absence of vendor patches increases exposure duration, raising the likelihood of exploitation. Organizations with limited network segmentation or monitoring may be particularly vulnerable. The threat extends to any environment where this device is deployed, including residential, SMB, and potentially enterprise edge networks.

Immediate mitigation should focus on network-level controls and device configuration changes. Disable UPnP functionality on the affected device if not required, as this directly relates to the vulnerable component. Restrict remote access to the router's management interface by implementing firewall rules that block external access to /cgi-bin/firewall.cgi and related services. Employ network segmentation to isolate the device from critical assets. Monitor network traffic for unusual activity targeting the router's UPnP services. If possible, downgrade to a non-vulnerable firmware version or replace the device with a secure alternative. Regularly audit device firmware versions and configurations to detect vulnerable deployments. Since no official patch is available, consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability. Engage with Wavlink support channels persistently to demand a security update. Maintain backups of device configurations to enable rapid recovery if compromise occurs.