Skip to main content

Wl Wn530H4 CVE-2026-6483

| EUVDEUVD-2026-23403 HIGH
OS Command Injection (CWE-78)
2026-04-17 VulDB
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

9
PoC Detected
Apr 22, 2026 - 20:22 vuln.today
Public exploit code
Analysis Updated
Apr 17, 2026 - 11:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 17, 2026 - 11:22 vuln.today
cvss_changed
CVSS changed
Apr 17, 2026 - 11:22 NVD
7.2 (HIGH) 7.3 (HIGH)
Analysis Generated
Apr 17, 2026 - 10:54 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 10:45 euvd
EUVD-2026-23403
Analysis Generated
Apr 17, 2026 - 10:45 vuln.today
Patch released
Apr 17, 2026 - 10:45 nvd
Patch available
CVE Published
Apr 17, 2026 - 10:30 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.

AnalysisAI

OS command injection in Wavlink WL-WN530H4 router's internet.cgi endpoint allows authenticated attackers with high privileges to execute arbitrary system commands remotely. The vulnerability, affecting firmware version 20220721, resides in unsafe use of strcat/snprintf functions handling user input. Public exploit code exists (EPSS risk elevated by POC availability), though exploitation requires administrative credentials (PR:H), limiting automated mass exploitation. Vendor-released firmware patch 2026.04.16 available.

Technical ContextAI

This vulnerability affects the Wavlink WL-WN530H4 wireless router (cpe:2.3:a:wavlink:wl-wn530h4), specifically the CGI handler at /cgi-bin/internet.cgi. The root cause is CWE-78 (OS Command Injection) stemming from improper neutralization of special elements in the strcat/snprintf functions. These C string manipulation functions are being used to construct system commands without adequate input sanitization, allowing attacker-controlled data to break out of intended command boundaries. When processing parameters for routing configuration, the vulnerable code concatenates user input directly into shell commands executed by the router's busybox or embedded Linux environment, enabling injection of arbitrary commands with the privileges of the web server process (typically root on embedded devices).

RemediationAI

Upgrade to Wavlink firmware version 2026.04.16, available from vendor repository at https://dl.wavlink.com/firmware/RD/root_uImage_WN530H4-A_2026.04.16.bin. Verify firmware authenticity via checksum if published. If immediate patching is not feasible, implement compensating controls: (1) Disable remote management access to the router admin panel (typically port 80/443) and restrict access to trusted internal networks only via firewall rules or router settings - eliminates remote attack vector but breaks cloud management features if enabled; (2) Change default admin credentials to strong unique passwords (20+ characters, random) to increase credential-attack resistance; (3) Enable HTTPS-only admin access with certificate pinning if supported to prevent credential interception; (4) Monitor router system logs for unusual command execution patterns or failed authentication attempts; (5) Segment vulnerable routers onto isolated VLANs if supporting non-critical networks until patching. Note: Disabling routing functionality would break core device purpose - not a viable mitigation. Firmware update carries standard router update risks (temporary connectivity loss, potential bricking if interrupted) - schedule during maintenance window with console access available for recovery.

Share

CVE-2026-6483 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy