CVE-2026-4166 | Wavlink WL-NU516U1 240425 /cgi-bin/login.cgi sub_404F68 homepage/hostname cross site scripting

A vulnerability categorized as problematic has been discovered in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting.

This vulnerability is reported as CVE-2026-4166. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure.VulDB Recent EntriesRead More