CVE-2026-4166 | Wavlink WL-NU516U1 240425 /cgi-bin/login.cgi sub_404F68 homepage/hostname cross site scripting

Inserito da Angelo Barbosa | Mar 14, 2026 | CVE

A vulnerability categorized as problematic has been discovered in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting.

This vulnerability is reported as CVE-2026-4166. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure.

CVE-2026-4166 | Wavlink WL-NU516U1 240425 /cgi-bin/login.cgi sub_404F68 homepage/hostname cross site scripting

Post correlati

CVE-2025-33102 | IBM Concert Software up to 1.1.0 risky encryption

CVE-2023-5800 | AXIS OS 6.50/8.40/9.80/10.12/11.8 VAPIX API create_overlay.cgi Remote Code Execution

CVE-2024-4486 | Awesome Contact Form 7 for Elementor Plugin up to 2.9 on WordPress AEP Contact Form 7 Widget cross site scripting

CVE-2025-5523 | enilu web-flash 1.0 File Upload upload fileService.upload cross site scripting (ICAXTM)