Which versions of Wavlink WL-WN530H4 are affected by CVE-2026-6483?

CVE-2026-6483 is a command injection vulnerability in Wavlink WL-WN530H4 routers that allows authenticated administrators to execute arbitrary commands on the device.. A patch is available.

Is there a public PoC exploit available for CVE-2026-6483?

Yes, a public proof-of-concept exploit is available for CVE-2026-6483. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-6483?

Within 24 hours: Inventory all Wavlink WL-WN530H4 routers running firmware version 20220721 and restrict administrative access. Within 7 days: Apply vendor-released firmware patch 2026.04.16 to all affected devices. Within 30 days: Verify patched firmware version on all systems, implement credential rotation for admin accounts, and review administrative access logs for unauthorized activity.

Wavlink WL-WN530H4 CVE-2026-6483

Q: What is the CVSS score of CVE-2026-6483?

CVE-2026-6483 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-23403 HIGH

OS Command Injection (CWE-78)

2026-04-17 VulDB

Command Injection

7.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 22, 2026 - 20:22 vuln.today

Public exploit code

Analysis Updated

Apr 17, 2026 - 11:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 17, 2026 - 11:22 vuln.today

cvss_changed

CVSS changed

Apr 17, 2026 - 11:22 NVD

7.2 (HIGH) 7.3 (HIGH)

Analysis Generated

Apr 17, 2026 - 10:54 vuln.today

EUVD ID Assigned

Apr 17, 2026 - 10:45 euvd

EUVD-2026-23403

Analysis Generated

Apr 17, 2026 - 10:45 vuln.today

Patch released

Apr 17, 2026 - 10:45 nvd

Patch available

CVE Published

Apr 17, 2026 - 10:30 nvd

HIGH 7.3

DescriptionNVD

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.

AnalysisAI

OS command injection in Wavlink WL-WN530H4 router's internet.cgi endpoint allows authenticated attackers with high privileges to execute arbitrary system commands remotely. The vulnerability, affecting firmware version 20220721, resides in unsafe use of strcat/snprintf functions handling user input. …

RemediationAI

Within 24 hours: Inventory all Wavlink WL-WN530H4 routers running firmware version 20220721 and restrict administrative access. Within 7 days: Apply vendor-released firmware patch 2026.04.16 to all affected devices. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6483 vulnerability details – vuln.today

Back

Wavlink WL-WN530H4 CVE-2026-6483

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Wavlink WL-WN530H4 CVE-2026-6483

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code