Wavlink WL-WN530H4 OS Command Injection Vulnerability (CVE-2026-6483) Advisory

Vulnerability Overview Vulnerability Name: Wavlink WL-WN530H4 20220721 /cgi-bin/internet.cgi strcat/sprintf OS command injection Vulnerability Type: OS Command Injection Severity: Critical CVE ID: CVE-2026-6483 CVSS Score: 6.5 Description: This vulnerability exists in the file of Wavlink WL-WN530H4 20220721, specifically within the functions. An attacker can execute arbitrary OS commands by crafting malicious input, affecting the system’s confidentiality, integrity, and availability. Impact Scope Affected Product: Wavlink WL-WN530H4 Affected Version: 20220721 Exploitation Requirements: Requires an additional authentication level, but technical details and publicly available exploit code are known. Attack Vector: Remote Attack Complexity: Low Impact: Confidentiality, Integrity, Availability Remediation Recommended Measures: Upgrade to version 2026.04.16 Upgrade Link: dl.wavlink.com Additional Information Exploit Code: The page mentions that exploit code is available on GitHub, but specific code was not provided. Timeline: - April 17, 2026: Vulnerability disclosed - April 17, 2026: VulDB entry created - April 17, 2026: VulDB entry last updated Summary Wavlink WL-WN530H4 20220721 contains a critical OS command injection vulnerability, allowing attackers to execute arbitrary OS commands by crafting malicious input. It is recommended to upgrade to version 2026.04.16 as soon as possible to remediate this vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

Wavlink WL-WN530H4 OS Command Injection Vulnerability (CVE-2026-6483) Advisory