What is the CVSS score of CVE-2026-3612?

CVE-2026-3612 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Wl Nu516u1 Firmware are affected by CVE-2026-3612?

A high-severity vulnerability in Wavlink WL-NU516U1 devices affects the firmware upgrade component, potentially allowing unauthorized code execution.

Is there a public PoC exploit available for CVE-2026-3612?

Yes, a public proof-of-concept exploit is available for CVE-2026-3612. Prioritise patching immediately. EPSS: 0.4%.

Wl Nu516u1 Firmware CVE-2026-3612

HIGH

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

2026-03-06 cna@vuldb.com

Command Injection Wl Nu516u1 Firmware

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 10, 2026 - 18:29 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 01:15 nvd

HIGH 7.2

DescriptionNVD

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

AnalysisAI

Remote code execution in Wavlink WL-NU516U1 firmware allows unauthenticated attackers to execute arbitrary commands through the firmware_url parameter in the OTA upgrade function, requiring only high-level privileges to trigger. Public exploit code exists for this vulnerability and no patch is currently available, making it an immediate risk for affected devices.

RemediationAI

Within 24 hours: Inventory all Wavlink WL-NU516U1 devices in your environment and document network exposure. Within 7 days: Isolate affected devices to trusted networks only, disable remote management interfaces, and restrict access to /cgi-bin/adm.cgi via firewall rules. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-3612 vulnerability details – vuln.today

Back

Wl Nu516u1 Firmware CVE-2026-3612

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code