Wl Nu516u1 Firmware
CVE-2026-3703
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
AnalysisAI
Wavlink NU516U1 firmware 251208 has a buffer overflow enabling remote code execution through crafted HTTP requests to the CGI interface.
Technical ContextAI
Wavlink NU516U1 firmware 251208 has a CWE-119 memory corruption in sub_401A10 of /cgi-bin/adm.cgi.
RemediationAI
Update firmware. Restrict management access.
More in Wl Nu516u1 Firmware
View allRemote code execution in Wavlink WL-NU516U1 firmware allows unauthenticated attackers to execute arbitrary commands thro
Wl-Nu516U1 Firmware versions up to 20251208. contains a vulnerability that allows attackers to command injection (CVSS 7
Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to a
Remote code execution in Wavlink WL-NU516U1 firmware through a stack-based buffer overflow in the nas.cgi User1Passwd pa
Stack overflow in Wavlink WL-NU516U1 firmware's /cgi-bin/adm.cgi allows remote attackers with high privileges to achieve
Command injection in Wavlink NU516U1 firmware's firewall CGI component allows authenticated remote attackers to execute
Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary comma
Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary comma
A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.1), this vulnerability is
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today