Description
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
Published: 2026-03-06
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential Remote Code Execution (inferred)
Action: Assess Impact
AI Analysis

Impact

The vulnerability resides in the function sub_401A0C within the /cgi-bin/login.cgi file of the Wavlink WL-NU516U1 V240425 firmware. Manipulating the ipaddr argument results in a stack-based buffer overflow (CWE-119/CWE-121). The official description does not explicitly state the resulting impact beyond the overflow, but the nature of the flaw suggests that code execution could be possible if the overflow is fully leveraged. The CVE notes that the attack can be launched remotely but does not confirm exploitation outcomes, so the precise impact remains inferred.

Affected Systems

Wavlink WL-NU516U1 routers running firmware version V240425 are affected. No other vendors or product lines are listed in the CVE data.

Risk and Exploitability

The CVSS score of 8.6 denotes a high severity level. EPSS is below 1%, indicating a low but non-zero probability of exploitation; the vulnerability is not currently cataloged in the CISA KEV list. Public exploit code exists and the flaw can be triggered remotely via the login.cgi interface without requiring privileged access, which could allow attackers to attempt exploitation over the network.

Generated by OpenCVE AI on April 17, 2026 at 12:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update published by Wavlink that patches the stack‑based buffer overflow in login.cgi.
  • Restrict HTTP access to the router’s administrative interface to trusted devices only, for example by configuring VLANs or firewall rules to block external requests to /cgi-bin/login.cgi.
  • Change the default administrator credentials to a strong, unique password and enforce password complexity policies.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-nu516u1_firmware:m16u1_v240425:*:*:*:*:*:*:*

Mon, 09 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink wl-nu516u1
Vendors & Products Wavlink wl-nu516u1

Fri, 06 Mar 2026 01:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
Title Wavlink WL-NU516U1 login.cgi sub_401A0C stack-based overflow
First Time appeared Wavlink
Wavlink wl-nu516u1 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-nu516u1 Firmware
References
Metrics cvssV2_0

{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-09T15:31:15.166Z

Reserved: 2026-03-05T18:20:51.728Z

Link: CVE-2026-3613

Vulnrichment

Updated: 2026-03-09T15:31:11.464Z

NVD

Status: Analyzed

Published: 2026-03-06T02:15:51.793

Modified: 2026-03-10T18:30:01.317

Link: CVE-2026-3613

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:30:06Z
