CVE-2026-3662
Remote Command Injection in Wavlink WL-NU516U1 usb_p
Publication date: 2026-03-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wavlink | wl-nu516u1_firmware | m16u1_v240425 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-3662 is a command injection vulnerability found in the WAVLINK WL-NU516U1 USB Printer Server, specifically in the firmware version 240425. The flaw exists in the adm.cgi module, particularly when the HTTP request parameter "page" is set to "usb_p910." By manipulating the argument "Pr_mode" with crafted input, an attacker can inject and execute arbitrary commands on the device.'}, {'type': 'paragraph', 'content': 'This happens because the device constructs commands using functions like sprintf without proper input validation or sanitization, allowing special characters in the input to alter the command execution flow.'}, {'type': 'paragraph', 'content': 'The vulnerability can be exploited remotely and does not require user interaction, although it requires a higher privilege level (authentication). A proof-of-concept exploit has been publicly disclosed.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability allows an attacker to remotely execute arbitrary commands on the affected device, potentially leading to full system compromise.
- Confidentiality impact: Attackers may access sensitive information stored or processed by the device.
- Integrity impact: Attackers can alter device configurations or data.
- Availability impact: Attackers might disrupt device operations or cause denial of service.
Because the exploit is easy to perform and publicly available, the risk of exploitation is significant, especially if the device is exposed to untrusted networks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending a crafted HTTP POST request to the device's /cgi-bin/adm.cgi endpoint with the parameter page=usb_p910 and manipulating the Pr_mode argument to test for command injection."}, {'type': 'paragraph', 'content': 'For example, a test command could be a POST request with Pr_mode set to a value like: 1";echo 1 >/tmp/1.txt;# which attempts to inject a shell command that writes a file on the device.'}, {'type': 'paragraph', 'content': 'If the file /tmp/1.txt is created on the device, it indicates the vulnerability is present and command injection is possible.'}, {'type': 'paragraph', 'content': "This detection requires access to the device's HTTP interface and the ability to send POST requests."}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable device's web interface to trusted networks only, as the attack requires remote HTTP access."}, {'type': 'paragraph', 'content': 'Since no known countermeasures or patches have been published by the vendor, it is recommended to replace the affected product to prevent exploitation.'}, {'type': 'paragraph', 'content': 'Additionally, monitor network traffic for suspicious POST requests targeting /cgi-bin/adm.cgi with the page=usb_p910 parameter.'}] [2]