What is CVE-2026-6483?

CVE-2026-6483 is a high-severity vulnerability in Wavlink Wl-wn530h4, classified under OS Command Injection. CVSS score: 7.2/10. Published 2026-04-17.

How severe is CVE-2026-6483?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Wavlink Wl-wn530h4

CVE-2026-6483

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remo…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (11.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C.

Affected products

Wavlink Wl-wn530h4 — versions 20220721, 2026.04.16

Weakness classification (CWE)

References

VDB-358021 | Wavlink WL-WN530H4 internet.cgi snprintf os command injection (vdb-entry, technical-description)
VDB-358021 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #783055 | https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in- WN530H4 (AC1200 Dual-Band Wi-Fi Router) Firmware: WN530H4-WAVLINK_20220721 Improper Neutralization of Special Elements used in an OS Comman (third-party-advisory)
github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/ma… (exploit)
dl.wavlink.com/firmware/RD/root_uImage_WN530H4-A_2026.04.16.bin (patch)

Frequently asked questions

What is CVE-2026-6483?: CVE-2026-6483 is a high-severity vulnerability in Wavlink Wl-wn530h4, classified under OS Command Injection. CVSS score: 7.2/10. Published 2026-04-17.
How severe is CVE-2026-6483?: High severity. CVSS v3 base score is 7.2 out of 10.