Description
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-03-08
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw in function sub_401A10 of /cgi-bin/login.cgi on the Wavlink NU516U1 running firmware 251208 allows a remote attacker to perform an out-of-bounds write by manipulating the ipaddr argument. This is a classic buffer overflow (CWE-119 and CWE-787). The corrupted memory can lead to arbitrary code execution or system compromise, jeopardizing confidentiality, integrity, and availability of the device and potentially any networks it connects to.

Affected Systems

The vulnerability affects all deployed Wavlink NU516U1 routers running firmware version 251208. This includes the hardware model NU516U1, a consumer‑grade wireless access point. No other firmware revisions or hardware variants are listed as affected.

Risk and Exploitability

The CVSS score of 9.3 signals critical severity, and the flaw can be triggered remotely without prior authentication. Although the EPSS score is below one percent, indicating a low current exploitation probability, published proof-of-concept code and a publicly available exploit raise the attack likelihood, especially if devices remain on older firmware. The vulnerability is not yet catalogued in CISA's KEV list, but its high impact warrants immediate attention. Attackers can target the login CGI endpoint from outside the local network, sending specially crafted ipaddr parameters to overflow the buffer and gain code execution.

Generated by OpenCVE AI on April 16, 2026 at 10:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the NU516U1 firmware to the latest fixed release provided by Wavlink.
  • If an immediate firmware upgrade is not feasible, block external HTTP access to the /cgi‑bin/login.cgi endpoint or disable remote management features.
  • Configure the device’s firewall or access control lists to limit traffic to the router’s web interface to trusted local IP ranges only.



Advisories

No advisories yet.

History

Tue, 10 Mar 2026 19:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Wavlink wl-nu516u1 Firmware |
| CPEs | | cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:* |
| | | cpe:2.3:o:wavlink:wl-nu516u1_firmware:251208:*:*:*:*:*:*:* |
| Vendors & Products | | Wavlink wl-nu516u1 Firmware |

Tue, 10 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 09 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Wavlink |
| | | Wavlink wl-nu516u1 |
| Vendors & Products | | Wavlink |
| | | Wavlink wl-nu516u1 |

Sun, 08 Mar 2026 04:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. |
| Title | | Wavlink NU516U1 login.cgi sub_401A10 out-of-bounds write |
| Weaknesses | | CWE-119 |
| | | CWE-787 |
| References | | |
| Metrics | | cvssV2_0: {'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C'} |
| | | cvssV3_0: {'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'} |
| | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'} |
| | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-10T14:00:43.592Z

Reserved: 2026-03-07T08:56:07.678Z

Link: CVE-2026-3703

Vulnrichment

Updated: 2026-03-10T14:00:38.990Z

NVD

Status: Analyzed

Published: 2026-03-08T05:16:29.080

Modified: 2026-03-10T18:55:10.750

Link: CVE-2026-3703

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:45:26Z
