Skip to main content

Nu516U1

9 CVEs product

Monthly

CVE-2026-8230 LOW POC Monitor

OS command injection in Wavlink NU516U1 240425 via the ipaddr parameter in /cgi-bin/login.cgi allows authenticated remote attackers to execute arbitrary system commands with limited impact (confidentiality, integrity, availability). The vulnerability requires valid credentials (PR:L) but can be exploited over the network without user interaction. Publicly available exploit code exists, and the vendor was notified during coordinated disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8229 LOW POC Monitor

Remote command injection in Wavlink NU516U1 240425 allows authenticated attackers to execute arbitrary OS commands via manipulation of the AuthMethod or EncrypType arguments in the WifiBasic function of /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of the disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8228 LOW POC Monitor

OS command injection in Wavlink NU516U1 240425 wireless configuration module allows authenticated remote attackers to execute arbitrary system commands via manipulation of the wlan_conf/Channel/skiplist/ieee_80211h parameter in /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of disclosure. CVSS 6.3 reflects the moderate impact of command execution under authenticated conditions.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8227 LOW POC Monitor

Remote OS command injection in Wavlink NU516U1 240425 via the wzdapMesh function in /cgi-bin/adm.cgi allows authenticated remote attackers to execute arbitrary operating system commands with limited system impact. Publicly available exploit code exists, and the vendor has been notified of the disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8192 LOW POC Monitor

Wavlink NU516U1 M16U1_V240425 is vulnerable to remote OS command injection through the wzdap function in /cgi-bin/adm.cgi, where the EncrypType and wl_Pass parameters are passed unsanitized to system commands. An authenticated remote attacker can manipulate these arguments to execute arbitrary commands with the privileges of the web server process. Exploit code is publicly available (CVSS 6.3, EPSS probability indicated by E:P vector).

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8191 LOW POC Monitor

Remote OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary system commands via the skiplist1/skiplist2 parameters in the wifi_region function of /cgi-bin/adm.cgi. The vulnerability is remotely exploitable with low complexity, affects confidentiality and integrity, and has publicly available exploit code.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8190 LOW POC Monitor

OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary system commands via unsanitized WAN configuration parameters (ppp_username, ppp_passwd, rwan_ip, rwan_mask, rwan_gateway) in the /cgi-bin/adm.cgi wan function. Publicly available exploit code exists and the vendor has been notified.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8189 LOW POC Monitor

Remote authenticated command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated attackers to execute arbitrary OS commands via manipulation of wlan_bssid, sel_Automode, or sel_EncrypTyp parameters in the wzdrepeater function at /cgi-bin/adm.cgi. CVSS 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P) with public exploit code available; vendor was notified early of this disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8188 LOW POC Monitor

OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary commands via the change_wifi_password function in /cgi-bin/adm.cgi by manipulating the wl_channel, wl_Pass, or EncrypType parameters. Publicly available exploit code exists, and the vendor has been notified of the vulnerability.

Command Injection Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in Wavlink NU516U1 240425 via the ipaddr parameter in /cgi-bin/login.cgi allows authenticated remote attackers to execute arbitrary system commands with limited impact (confidentiality, integrity, availability). The vulnerability requires valid credentials (PR:L) but can be exploited over the network without user interaction. Publicly available exploit code exists, and the vendor was notified during coordinated disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

Remote command injection in Wavlink NU516U1 240425 allows authenticated attackers to execute arbitrary OS commands via manipulation of the AuthMethod or EncrypType arguments in the WifiBasic function of /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of the disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in Wavlink NU516U1 240425 wireless configuration module allows authenticated remote attackers to execute arbitrary system commands via manipulation of the wlan_conf/Channel/skiplist/ieee_80211h parameter in /cgi-bin/wireless.cgi. Publicly available exploit code exists, and the vendor was notified early of disclosure. CVSS 6.3 reflects the moderate impact of command execution under authenticated conditions.

Command Injection Nu516U1
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

Remote OS command injection in Wavlink NU516U1 240425 via the wzdapMesh function in /cgi-bin/adm.cgi allows authenticated remote attackers to execute arbitrary operating system commands with limited system impact. Publicly available exploit code exists, and the vendor has been notified of the disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

Wavlink NU516U1 M16U1_V240425 is vulnerable to remote OS command injection through the wzdap function in /cgi-bin/adm.cgi, where the EncrypType and wl_Pass parameters are passed unsanitized to system commands. An authenticated remote attacker can manipulate these arguments to execute arbitrary commands with the privileges of the web server process. Exploit code is publicly available (CVSS 6.3, EPSS probability indicated by E:P vector).

Command Injection Nu516U1
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

Remote OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary system commands via the skiplist1/skiplist2 parameters in the wifi_region function of /cgi-bin/adm.cgi. The vulnerability is remotely exploitable with low complexity, affects confidentiality and integrity, and has publicly available exploit code.

Command Injection Nu516U1
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary system commands via unsanitized WAN configuration parameters (ppp_username, ppp_passwd, rwan_ip, rwan_mask, rwan_gateway) in the /cgi-bin/adm.cgi wan function. Publicly available exploit code exists and the vendor has been notified.

Command Injection Nu516U1
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

Remote authenticated command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated attackers to execute arbitrary OS commands via manipulation of wlan_bssid, sel_Automode, or sel_EncrypTyp parameters in the wzdrepeater function at /cgi-bin/adm.cgi. CVSS 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P) with public exploit code available; vendor was notified early of this disclosure.

Command Injection Nu516U1
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in Wavlink NU516U1 M16U1_V240425 allows authenticated remote attackers to execute arbitrary commands via the change_wifi_password function in /cgi-bin/adm.cgi by manipulating the wl_channel, wl_Pass, or EncrypType parameters. Publicly available exploit code exists, and the vendor has been notified of the vulnerability.

Command Injection Nu516U1
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy