216.73.216.86

CVE-2026-3612

· Published 06/03/2026 01:15 · Modified 06/03/2026 01:15

Labels: CVE-2026-3612 2026-03-06CVE-2026-3612CWE-74[email protected]

Essential information

Published
06/03/2026 01:15
Modified
06/03/2026 01:15
Author
Creator
CVSS
7.3 HIGH (v3) 7.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wavlink / wl-nu516u1 cpe:2.3:a:wavlink:wl-nu516u1:*:*:*:*:*:*:*:*

References