Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure.
AnalysisAI
Remote command injection in Wavlink NU516U1 240425 allows authenticated attackers to execute arbitrary OS commands via manipulation of the AuthMethod or EncrypType arguments in the WifiBasic function of /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of the disclosure.
Technical ContextAI
The vulnerability resides in the wireless configuration CGI handler at /cgi-bin/wireless.cgi, specifically within the WifiBasic function which processes WiFi authentication parameters. The affected parameters (AuthMethod and EncrypType) are insufficiently sanitized before being passed to OS command execution, creating a classic command injection vulnerability (CWE-78: Improper Neutralization of Special Elements used in an OS Command). The device appears to be a wireless router/access point where web-based management interfaces are common attack surfaces. The vulnerability requires network access to the administrative interface and authenticated credentials, limiting exposure to authorized users or those who can bypass authentication.
RemediationAI
Contact Wavlink support for availability of patched firmware beyond version 240425, as no vendor-released patch version is currently confirmed. Immediate compensating controls: (1) restrict network access to the administrative interface at /cgi-bin/wireless.cgi to trusted networks only using firewall rules or VPN; (2) change default administrative credentials to strong, unique passwords and enforce account lockout policies; (3) disable remote management features if not required; (4) consider isolating the device on a separate management network segment with restricted inter-VLAN routing. If the device supports firmware updates, check the Wavlink support portal regularly. Users should avoid exposing the management interface directly to the internet or untrusted networks until patched firmware is available.
OS command injection in Wavlink NU516U1 240425 via the ipaddr parameter in /cgi-bin/login.cgi allows authenticated remot
OS command injection in Wavlink NU516U1 240425 wireless configuration module allows authenticated remote attackers to ex
Remote OS command injection in Wavlink NU516U1 240425 via the wzdapMesh function in /cgi-bin/adm.cgi allows authenticate
Wavlink NU516U1 M16U1_V240425 is vulnerable to remote OS command injection through the wzdap function in /cgi-bin/adm.cg
Remote OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary
OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary system
Remote authenticated command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated attackers to execute arbitr
OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary command
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28977
GHSA-c696-6wrh-863m