CVE 8.6 HIGH

Wavlink WL-WN530H4 internet.cgi snprintf os command injection_CVE-2026-6483

April 17, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.

AI Analysis

OS command injection vulnerability in Wavlink WL-WN530H4 via the internet.cgi file, allowing remote attackers to execute arbitrary commands.

Basic Information

ID CVE-2026-6483

Source VulDB

Published Apr 17, 2026 at 10:30

Modified Apr 17, 2026 at 10:53

Affected Product

Vendor Wavlink

Product WL-WN530H4

Version 20220721

Affected Versions Wavlink WL-WN530H4 20220721

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Wavlink

Product WL-WN530H4

Version 20220721

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.",
    "published": "2026-04-17T10:30:17.119Z",
    "modified": "2026-04-17T10:53:26.356Z",
    "type": "cve",
    "title": "Wavlink WL-WN530H4 internet.cgi snprintf os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/358021\nhttps://vuldb.com/vuln/358021/cti\nhttps://vuldb.com/submit/783055\nhttps://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/vuldb_submission_report.md\nhttps://dl.wavlink.com/firmware/RD/root_uImage_WN530H4-A_2026.04.16.bin",
    "id": "CVE-2026-6483",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Wavlink WL-WN530H4 20220721",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WL-WN530H4",
    "version": "20220721",
    "vendor": "Wavlink",
    "ai_description": "OS command injection vulnerability in Wavlink WL-WN530H4 via the internet.cgi file, allowing remote attackers to execute arbitrary commands.",
    "ai_severity": "High",
    "ai_vendor": "Wavlink",
    "ai_product": "WL-WN530H4",
    "ai_version": "20220721",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply