Description
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. Manipulation of the argument time_zone causes a stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Monitor
AI Analysis

Impact

A stack-based buffer overflow occurs when the time_zone argument is processed by the sub_40785C function in /cgi-bin/adm.cgi on Wavlink WL‑NU516U1. Manipulating this input can corrupt the stack, allowing an attacker to execute arbitrary code with the privileges of the web server process. The exploit requires remote access to the administrative CGI interface and is considered to have high complexity, though publicly available proof‑of‑concept code demonstrates that it can ultimately lead to full compromise of the device.

Affected Systems

The vulnerability affects the Wavlink WL‑NU516U1 router model running firmware version 20251208. No other firmware revisions are listed as vulnerable at this time.

Risk and Exploitability

The CVSS v4.0 score is 7.5, indicating high severity. The EPSS score is less than 1%, suggesting a low probability of mass exploitation, but the existence of a publicly available exploit and the vendor's lack of response mean that local threats are still real. The vulnerability is not included in the CISA KEV catalog. Attackers can exploit it remotely by sending crafted time_zone values to /cgi-bin/adm.cgi; because of the buffer overflow, they can potentially achieve remote code execution.

Generated by OpenCVE AI on April 18, 2026 at 12:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Wavlink that addresses the stack buffer overflow in /cgi-bin/adm.cgi if one is available.
  • If no update is available, block remote access to the /cgi-bin/adm.cgi interface using firewall rules or by disabling remote management to prevent attackers from sending malicious time_zone data.
  • Restrict the administrative interface to a local network or require VPN access, minimizing exposure to the public network.
  • Continuously monitor system and firewall logs for anomalous requests to adm.cgi or repeated attempts to exploit time_zone, and trigger alerts on suspicious activity.
  • Conduct a security review of other CGI scripts on the device for similar stack-based overflow weaknesses in line with CWE‑119 and CWE‑121, applying input validation or code fixes as needed.
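
As an added example (not part of the OpenCVE record or any vendor tooling), the log-monitoring action above could be implemented as a scan like the one below. The log format, the 64-byte length threshold and the repeat threshold are assumptions, since the page gives no buffer size; the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/cgi-bin/adm.cgi"  # endpoint named in the advisory
PARAM = "time_zone"               # argument named in the advisory
MAX_TZ_LEN = 64       # assumption: the advisory gives no buffer size
REPEAT_THRESHOLD = 3  # assumption: flagged requests per source before escalation
# Assumed proxy log format: "<src_ip> <METHOD> <request-target> [<form body>]"
LINE_RE = re.compile(r"^(\S+) (GET|POST) (\S+)(?: (.*))?$")

# Constructed sample lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    "192.0.2.10 POST /cgi-bin/adm.cgi time_zone=UTC-8",
    "198.51.100.7 POST /cgi-bin/adm.cgi time_zone=" + "A" * 300,
    "198.51.100.7 POST /cgi-bin/adm.cgi time_zone=" + "B" * 200,
    "198.51.100.7 POST /cgi-bin/adm.cgi time_zone=%ff%fe%01",
    "192.0.2.10 GET /index.html",
    "203.0.113.5 GET /cgi-bin/adm.cgi?time_zone=UTC%2B1",
]

def scan(lines):
    """Return (alerts, repeat_sources); alerts are (line_no, src_ip, reason)."""
    alerts, hits = [], Counter()
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        src, _method, target, body = m.groups()
        url = urlsplit(target)
        if url.path != TARGET_PATH:
            continue
        # latin-1 maps every decoded byte to one character, so len() is a byte count.
        values = []
        for encoded in (url.query, body or ""):
            values += parse_qs(encoded, keep_blank_values=True,
                               encoding="latin-1").get(PARAM, [])
        for value in values:
            reasons = []
            if len(value) > MAX_TZ_LEN:
                reasons.append(f"oversized ({len(value)} bytes)")
            if any(not 0x20 <= ord(c) < 0x7F for c in value):
                reasons.append("non-printable bytes")
            if reasons:
                alerts.append((line_no, src, ", ".join(reasons)))
                hits[src] += 1
    repeat = sorted(s for s, n in hits.items() if n >= REPEAT_THRESHOLD)
    return alerts, repeat
```

The exact-path comparison assumes the logging proxy records a normalized request path; tune MAX_TZ_LEN against the time_zone values the device's own web UI actually submits.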


Advisories

No advisories yet.

History

Wed, 18 Feb 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink wl-nu516u1 Firmware
CPEs cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*
Vendors & Products Wavlink wl-nu516u1 Firmware

Tue, 17 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Feb 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-nu516u1
Vendors & Products Wavlink
Wavlink wl-nu516u1

Mon, 16 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. Manipulation of the argument time_zone causes a stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title Wavlink WL-NU516U1 adm.cgi sub_40785C stack-based overflow
Weaknesses CWE-119
CWE-121
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.6, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:12:45.283Z

Reserved: 2026-02-15T19:40:00.897Z

Link: CVE-2026-2565

Vulnrichment

Updated: 2026-02-17T14:45:00.468Z

NVD

Status : Analyzed

Published: 2026-02-16T17:18:09.360

Modified: 2026-02-18T19:42:27.167

Link: CVE-2026-2565

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:15:15Z
