CVE-2026-3662 | Wavlink WL-NU516U1 240425 /cgi-bin/adm.cgi usb_p910 Pr_mode command injection

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability described as critical has been identified in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr_mode leads to command injection.

This vulnerability is referenced as CVE-2026-3662. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure.

CVE-2026-3662 | Wavlink WL-NU516U1 240425 /cgi-bin/adm.cgi usb_p910 Pr_mode command injection

Post correlati

CVE-2021-47517 | Linux Kernel up to 5.10.86/5.15.7 ethtool use after free (7c26da3be1e9/cfd719f04267/dde91ccfa25f)

CVE-2024-13859 | Buddyboss Platform Plugin up to 2.8.50 on WordPress bp_nouveau_ajax_media_save cross site scripting

CVE-2025-8795 | LitmusChaos Litmus up to 3.19.0 /auth/login projectID access control

CVE-2024-26018 | TvRock 0.9t8a cross site scripting