Wl Nu516u1 Firmware
CVE-2026-2565
MEDIUM
Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack overflow in Wavlink WL-NU516U1 firmware's /cgi-bin/adm.cgi allows remote attackers with high privileges to achieve code execution via a malicious time_zone parameter. Public exploit code exists for this vulnerability, though exploitation requires high complexity and the vendor has not released a patch.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects Wl-Nu516U1 Firmware. A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in Wl Nu516u1 Firmware
View allWavlink NU516U1 firmware 251208 has a buffer overflow enabling remote code execution through crafted HTTP requests to th
Remote code execution in Wavlink WL-NU516U1 firmware allows unauthenticated attackers to execute arbitrary commands thro
Wl-Nu516U1 Firmware versions up to 20251208. contains a vulnerability that allows attackers to command injection (CVSS 7
Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to a
Remote code execution in Wavlink WL-NU516U1 firmware through a stack-based buffer overflow in the nas.cgi User1Passwd pa
Command injection in Wavlink NU516U1 firmware's firewall CGI component allows authenticated remote attackers to execute
Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary comma
Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary comma
A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.1), this vulnerability is
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today