Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Remote attackers can exploit a stack-based buffer overflow in the /cgi-bin/nas.cgi endpoint of Wavlink WL-NU516U1 by manipulating the Content-Length parameter to achieve unauthenticated remote code execution. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. Authentication is required to trigger the flaw, limiting exposure to authenticated users or those with network access to the device.
Technical ContextAI
The vulnerability affects Wavlink WL-NU516U1 network-attached storage device firmware version 260227 (CPE: cpe:2.3:a:wavlink:wl-nu516u1:*:*:*:*:*:*:*:*). The underlying issue is classified as CWE-121 (Stack-based Buffer Overflow), where the ftext function in the /cgi-bin/nas.cgi CGI script fails to properly validate the Content-Length HTTP header parameter before copying data onto the stack. This lack of bounds checking allows an attacker to overflow the stack buffer, potentially overwriting the return address and achieving arbitrary code execution. CGI-based vulnerabilities in embedded NAS devices are particularly concerning as these devices often run with elevated privileges and have direct access to sensitive file storage.
RemediationAI
As the vendor (Wavlink) has not responded to vulnerability disclosure and no official patch is available, organizations should immediately isolate affected WL-NU516U1 devices from untrusted networks and the internet. Implement network segmentation to restrict access to these devices only from trusted internal IP ranges using firewall rules or VLANs. Change all default credentials to strong, unique passwords to raise the authentication barrier. Consider replacing the device with alternative NAS solutions from vendors with active security response programs if the device must remain internet-accessible. Monitor authentication logs for suspicious login attempts and implement rate limiting on the CGI interface if possible through upstream proxies or web application firewalls. Detailed exploit information is available at https://github.com/Wlz1112/WAVLINK-NU516U1-V260227/blob/main/Content-Length.md for testing defensive controls.
More in Wl Nu516U1
View allSame weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16146