CVE-2026-3703 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 8, 2026
Wavlink NU516U1 - Out of Bounds Write
Published: March 8, 2026Updated: March 8, 2026Remote Exploitable
Overview
Wavlink NU516U1 251208 contains an out-of-bounds write caused by manipulation of the "ipaddr" argument in /cgi-bin/login.cgi, letting remote attackers corrupt memory, exploit requires crafted request.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Remote attackers can corrupt memory, potentially leading to denial of service or code execution.
Mitigation
Upgrade to the fixed version released by the vendor.
References
- https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-02-27-2fcf6ae-mt7628-squashfs-sysupgrade.bin
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md#exp-exploit--poc
- https://vuldb.com/?ctiid.349649
- https://vuldb.com/?id.349649
- https://vuldb.com/?submit.759226
Related Resources
Details
- CVE ID
- CVE-2026-3703
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- out_of_bounds_rw
- Status
- new
CWE
- CWE-119
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H