Home

Description

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

PUBLISHED Reserved 2026-03-07 | Published 2026-03-08 | Updated 2026-03-08 | Assigner VulDB




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C

Problem types

Out-of-bounds Write

Memory Corruption

Product status

251208
affected

Timeline

2026-03-07:Advisory disclosed
2026-03-07:VulDB entry created
2026-03-07:VulDB entry last update

Credits

haimianbaobao (VulDB User) reporter

VulDB coordinator

References

vuldb.com/?id.349649 (VDB-349649 | Wavlink NU516U1 login.cgi sub_401A10 out-of-bounds write) vdb-entry technical-description

vuldb.com/?ctiid.349649 (VDB-349649 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.759226 (Submit #759226 | Wavlink NU516U1 V251208 Stack-based Buffer Overflow) third-party-advisory

github.com/...2/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md related

github.com/...2/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md exploit

dl.wavlink.com/...-27-2fcf6ae-mt7628-squashfs-sysupgrade.bin patch

cve.org (CVE-2026-3703)

nvd.nist.gov (CVE-2026-3703)

Download JSON