{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4166", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-14T12:30:20.703Z", "datePublished": "2026-03-15T05:32:08.404Z", "dateUpdated": "2026-03-17T13:46:28.034Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-15T05:32:08.404Z"}, "title": "Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "Wavlink", "product": "WL-NU516U1", "versions": [{"version": "240425", "status": "affected"}], "cpes": ["cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-14T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-14T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-14T13:35:31.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LtzHust2 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.351073", "name": "VDB-351073 | Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351073", "name": "VDB-351073 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769652", "name": "Submit #769652 | Wavlink WL-NU516U1 V240425 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.769653", "name": "Submit #769653 | Wavlink WL-NU516U1 V240425 Cross Site Scripting (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/WL-NU516U1/vul_14/README.md", "tags": ["related"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/WL-NU516U1/vul_15/README.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T13:45:41.216278Z", "id": "CVE-2026-4166", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:46:28.034Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4166", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T13:45:41.216278Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:46:23.568Z"}}], "cna": {"title": "Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "LtzHust2 (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*"], "vendor": "Wavlink", "product": "WL-NU516U1", "versions": [{"status": "affected", "version": "240425"}]}], "timeline": [{"lang": "en", "time": "2026-03-14T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-14T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-14T13:35:31.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.351073", "name": "VDB-351073 | Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351073", "name": "VDB-351073 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769652", "name": "Submit #769652 | Wavlink WL-NU516U1 V240425 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.769653", "name": "Submit #769653 | Wavlink WL-NU516U1 V240425 Cross Site Scripting (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/WL-NU516U1/vul_14/README.md", "tags": ["related"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/WL-NU516U1/vul_15/README.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-15T05:32:08.404Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4166", "state": "PUBLISHED", "dateUpdated": "2026-03-17T13:46:28.034Z", "dateReserved": "2026-03-14T12:30:20.703Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-15T05:32:08.404Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Wavlink WL-NU516U1 240425. El elemento impactado es la funci\u00f3n sub_404F68 del archivo /cgi-bin/login.cgi. La manipulaci\u00f3n del argumento homepage/hostname resulta en cross site scripting. El ataque puede ser lanzado remotamente. El exploit ha sido hecho p\u00fablico y podr\u00eda ser usado. El proveedor fue contactado tempranamente sobre esta divulgaci\u00f3n."}], "id": "CVE-2026-4166", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:55.890", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Litengzheng/vul_db/blob/main/WL-NU516U1/vul_14/README.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/Litengzheng/vul_db/blob/main/WL-NU516U1/vul_15/README.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351073"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351073"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.769652"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.769653"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "240425"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WL-NU516U1", "source": "cna", "vendor": "Wavlink"}, "product": "wl-nu516u1", "vendor": "wavlink"}], "analysis": {"en": {"generated_at": "2026-03-17T17:31:19.971195+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update that resolves the XSS flaw from the vendor\u2019s official release.", "If a suitable update is not available, restrict external access to the /cgi-bin/login.cgi endpoint using firewall or access\u2011control rules.", "Deploy a web application firewall or similar filtering solution to block injection of malicious script payloads on the login page."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Wavlink WL\u2011NU516U1 routers running firmware version 240425. The CPE string cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:* points to this specific device model and firmware, with no narrower sub\u2011version scope provided.", "description_and_impact": "A flaw exists in the function sub_404F68 of the /cgi-bin/login.cgi file on Wavlink WL\u2011NU516U1 firmware 240425. Manipulating the homepage/hostname parameter triggers a client\u2011side cross\u2011site scripting vulnerability that can be exploited remotely. An attacker may inject malicious scripts into the browser of anyone who accesses the affected login page, potentially enabling cookie theft, session hijacking or additional client\u2011side attacks. The weakness is identified as CWE\u201179, with an additional CWE\u201194 reference that may relate to code injection possibilities.", "risk_and_exploitability": "The CVSS score is 5.1, indicating moderate severity, while the EPSS score is below 1\u202f% and the issue is not listed in the CISA KEV catalog. However, exploit code has been released publicly, increasing the likelihood of real\u2011world attacks. The attack vector is Remote \u2013 an adversary only needs to send a crafted HTTP request to the /cgi-bin/login.cgi endpoint. The impact is limited to the client\u2019s browser and does not provide privilege escalation on the device. The risk is therefore primarily for users who interact with the login page, but the presence of a public exploit raises the overall threat level."}}}}, "created": "2026-03-16T09:22:08.572662+00:00", "updated": "2026-03-23T14:02:02.792329+00:00", "vendors": ["wavlink", "wavlink$PRODUCT$wl-nu516u1"]}