Skip to main content

Wl Nu516U1 CVE-2026-4861

| EUVDEUVD-2026-16146 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-26 VulDB
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Mar 30, 2026 - 13:26 vuln.today
Public exploit code
EUVD ID Assigned
Mar 26, 2026 - 08:45 euvd
EUVD-2026-16146
Analysis Generated
Mar 26, 2026 - 08:45 vuln.today
CVE Published
Mar 26, 2026 - 08:18 nvd
HIGH 7.4

DescriptionCVE.org

A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote attackers can exploit a stack-based buffer overflow in the /cgi-bin/nas.cgi endpoint of Wavlink WL-NU516U1 by manipulating the Content-Length parameter to achieve unauthenticated remote code execution. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. Authentication is required to trigger the flaw, limiting exposure to authenticated users or those with network access to the device.

Technical ContextAI

The vulnerability affects Wavlink WL-NU516U1 network-attached storage device firmware version 260227 (CPE: cpe:2.3:a:wavlink:wl-nu516u1:*:*:*:*:*:*:*:*). The underlying issue is classified as CWE-121 (Stack-based Buffer Overflow), where the ftext function in the /cgi-bin/nas.cgi CGI script fails to properly validate the Content-Length HTTP header parameter before copying data onto the stack. This lack of bounds checking allows an attacker to overflow the stack buffer, potentially overwriting the return address and achieving arbitrary code execution. CGI-based vulnerabilities in embedded NAS devices are particularly concerning as these devices often run with elevated privileges and have direct access to sensitive file storage.

RemediationAI

As the vendor (Wavlink) has not responded to vulnerability disclosure and no official patch is available, organizations should immediately isolate affected WL-NU516U1 devices from untrusted networks and the internet. Implement network segmentation to restrict access to these devices only from trusted internal IP ranges using firewall rules or VLANs. Change all default credentials to strong, unique passwords to raise the authentication barrier. Consider replacing the device with alternative NAS solutions from vendors with active security response programs if the device must remain internet-accessible. Monitor authentication logs for suspicious login attempts and implement rate limiting on the CGI interface if possible through upstream proxies or web application firewalls. Detailed exploit information is available at https://github.com/Wlz1112/WAVLINK-NU516U1-V260227/blob/main/Content-Length.md for testing defensive controls.

Share

CVE-2026-4861 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy