Vulnerability Description
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wavlink | Wl-Nu516U1 Firmware | 251208 |
| Wavlink | Wl-Nu516U1 | - |
Related Weaknesses (CWE)
References
- https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-02-27-2fcf6ae-mt762Broken Link
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.mdExploitVendor Advisory
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md#exp-explExploitVendor Advisory
- https://vuldb.com/?ctiid.349649Permissions RequiredVDB Entry
- https://vuldb.com/?id.349649Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.759226Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-3703?
CVE-2026-3703 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. T...
How severe is CVE-2026-3703?
CVE-2026-3703 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-3703?
Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wl-Nu516U1 Firmware, Wavlink Wl-Nu516U1.