CVE-2026-3661 | Wavlink WL-NU516U1 240425 /cgi-bin/adm.cgi ota_new_upgrade model command injection

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability marked as critical has been reported in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection.

The identification of this vulnerability is CVE-2026-3661. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure.

CVE-2026-3661 | Wavlink WL-NU516U1 240425 /cgi-bin/adm.cgi ota_new_upgrade model command injection

Post correlati

CVE-2024-12831 | Arista NG Firewall 17.1.1 uvm_login authorization (ZDI-24-1720)

CVE-2023-23970 | WooRockets Corsa Plugin up to 1.5 on WordPress unrestricted upload

CVE-2024-41348 | openflights 5234b5b php/alsearch.php cross site scripting

CVE-2024-38494 | Broadcom Symantec Privileged Access Management up to 3.4.6/4.1.7 HTTP Request command injection