CVE-2026-3703

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 version 251208

Description A flaw exists in the Wavlink NU516U1 device, specifically within the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument in this file can lead to an out-of-bounds write condition, potentially allowing for remote code execution. The vulnerable function is sub 401A10. This issue is network-accessible and does not require authentication. A public proof-of-concept exploit is available. Successful exploitation could allow attackers to gain full control of the device and potentially pivot into internal networks.

Recommendations Upgrade the affected component to a fixed version.