CVE-2026-3703

CRITICAL
2026-03-08 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 10, 2026 - 18:55 vuln.today
Public exploit code
CVE Published
Mar 08, 2026 - 05:16 nvd
CRITICAL 9.8

Tags

Buffer Overflow Wl Nu516u1 Firmware

Description

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Analysis

Wavlink NU516U1 firmware 251208 has a buffer overflow enabling remote code execution through crafted HTTP requests to the CGI interface.

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify and inventory all Wavlink NU516U1 devices in your environment and isolate them from production networks if possible. Within 7 days: Implement network segmentation to restrict access to the affected devices, disable remote management features, and monitor for exploitation attempts. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

69
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +49
POC: +20

Share

CVE-2026-3703 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy