Home / Vulnerability Intelligence / CVE-2026-3703

CVE-2026-3703 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 9, 2026

Wavlink NU516U1 - Out of Bounds Write

Published: March 8, 2026Updated: March 9, 2026Remote Exploitable

Overview

Wavlink NU516U1 251208 contains an out-of-bounds write caused by manipulation of the "ipaddr" argument in /cgi-bin/login.cgi, letting remote attackers corrupt memory, exploit requires crafted request.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 6.6%(Probability of exploitation in next 30 days)

Impact

Remote attackers can corrupt memory, potentially leading to denial of service or code execution.

Mitigation

Upgrade to the fixed version released by the vendor.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 8, 2026

🔴 CVE-2026-3703 - Critical (9.8) A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exp... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3703/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Offensive Sequence

@offseq

Mar 8, 2026

🚨 CRITICAL: CVE-2026-3703 in Wavlink NU516U1 (firmware 251208) allows remote, unauthenticated out-of-bounds write via /cgi-bin/login.cgi. Public exploit available — patch immediately! Monitor for abnormal ipaddr activity. https://radar.offseq.com/threat/cve-2026-3703-out-of-bounds-write-in-wavlink-nu516-a93ca55c #OffSeq #Vuln #RouterSecurity #Wavlink

View original post

Related Resources

Details

CVE ID: CVE-2026-3703
Severity: Critical
CVSS Score: 9.8
Type: out_of_bounds_rw
Status: unconfirmed
EPSS: 6.6%
Social Posts: 2

CWE

CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.6%Probability of exploitation in the next 30 days