HIGHCVE-2026-6483Published Modified CNA VulDB
CVE-2026-6483: Wavlink WL-WN530H4 internet.cgi snprintf os command injection
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.
Metrics
- CVSS v4.0
- 8.6
- Severity
- HIGH
- Fixed in
- 2026.04.16
- Affected Products
- 1
Affected packages
- Wavlink / WL-WN530H420220721Fixed in 2026.04.16
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:PReferences
- VDB-358021 | Wavlink WL-WN530H4 internet.cgi snprintf os command injection
- VDB-358021 | CTI Indicators (IOB, IOC, TTP, IOA)
- Submit #783055 | https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in- WN530H4 (AC1200 Dual-Band Wi-Fi Router) Firmware: WN530H4-WAVLINK_20220721 Improper Neutralization of Special Elements used in an OS Comman
- github.com
- dl.wavlink.com