Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
Wavlink NU516U1 251208: Remote Code Execution through Login Page
CVE-2026-3703
Summary
A security issue in the login page of the Wavlink NU516U1 251208 device can allow an attacker to execute malicious code remotely. This could potentially allow the attacker to take control of the device. To protect your device, we recommend applying the latest software update released by the vendor.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wavlink | wl-nu516u1_firmware | 251208 | – |
Original title
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write...
Original description
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-119
Buffer Overflow
CWE-787
Out-of-bounds Write
- https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-02-27-2fcf6ae-mt762...
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md#exp-expl...
- https://vuldb.com/?ctiid.349649
- https://vuldb.com/?id.349649
- https://vuldb.com/?submit.759226
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026