{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-6483","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-04-17T05:35:30.853Z","datePublished":"2026-04-17T10:30:17.119Z","dateUpdated":"2026-04-17T10:53:26.356Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-04-17T10:30:17.119Z"},"title":"Wavlink WL-WN530H4 internet.cgi snprintf os command injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-78","lang":"en","description":"OS Command Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-77","lang":"en","description":"Command Injection"}]}],"affected":[{"vendor":"Wavlink","product":"WL-WN530H4","versions":[{"version":"20220721","status":"affected"},{"version":"2026.04.16","status":"unaffected"}],"cpes":["cpe:2.3:o:wavlink:wl-wn530h4_firmware:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":7.2,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.2,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":8.3,"vectorString":"AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:OF/RC:C"}}],"timeline":[{"time":"2026-04-17T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-04-17T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-04-17T07:40:59.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"ST4R (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/vuln/358021","name":"VDB-358021 | Wavlink WL-WN530H4 internet.cgi snprintf os command injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/vuln/358021/cti","name":"VDB-358021 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/submit/783055","name":"Submit #783055 | https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in- WN530H4 (AC1200 Dual-Band Wi-Fi Router) Firmware: WN530H4-WAVLINK_20220721 Improper Neutralization of Special Elements used in an OS Comman","tags":["third-party-advisory"]},{"url":"https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/vuldb_submission_report.md","tags":["exploit"]},{"url":"https://dl.wavlink.com/firmware/RD/root_uImage_WN530H4-A_2026.04.16.bin","tags":["patch"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-17T10:53:08.442347Z","id":"CVE-2026-6483","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-17T10:53:26.356Z"}}]}}