CVE-2026-3703

CRITICAL

Wavlink NU516U1 251208 - Memory Corruption

Title source: llm

Description

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

References (6)

[Various Sources] https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-02-27-2fcf6ae-mt7628-squashfs-sysupgrade.bin

[Third Party Advisory] https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md

View Writeup ZIP pw:eip

[Third Party Advisory] https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md#exp-exploit--poc

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349649

[Permissions Required, VDB Entry] https://vuldb.com/?id.349649

[Permissions Required, VDB Entry] https://vuldb.com/?submit.759226

Scores

CVSS v3 9.8

EPSS 0.0007

EPSS Percentile 20.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119 CWE-787

Status draft

Timeline

Published Mar 08, 2026

Tracked Since Mar 08, 2026