Description
A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-16
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Buffer Overflow
Action: Immediate Patch
AI Analysis

Impact

The flaw is located in the sub_406194 function of /cgi-bin/adm.cgi on Wavlink WL‑NU516U1 firmware up to 130/260. A crafted firmware_url argument can overflow a stack buffer, which may lead to arbitrary code execution or a crash. The vulnerability is a classic buffer overflow, classified as CWE‑119 and CWE‑121.

Affected Systems

All Wavlink WL‑NU516U1 routers running firmware versions 130 and 260 that expose the /cgi-bin/adm.cgi interface are affected. No other Wavlink products or firmware revisions are listed as vulnerable.

Risk and Exploitability

The CVSS v4.0 score of 8.6 signals high severity. The EPSS score is below 1%, indicating that the likelihood of widespread exploitation is currently low; the vulnerability is not in the CISA KEV catalog, although a public exploit has been disclosed. The attack vector is remote, exploiting the web interface; no privileged local access is required. The CVSS vectors recorded for this entry set PR:H (Au:M in CVSS v2), meaning the scoring assumes an attacker who already holds high-privilege credentials for the interface. If an attacker can reach the router’s admin CGI, the stack overflow could be triggered, potentially compromising the device. This risk is medium‑high for devices with remote management enabled.

Generated by OpenCVE AI on April 17, 2026 at 19:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an official firmware update from Wavlink that corrects the stack‑based buffer overflow in adm.cgi.
  • If no update is available, block remote access to /cgi‑bin/adm.cgi or disable the router’s remote management feature to eliminate the attack surface.
  • Use firewall or router rules to reject firmware_url requests that exceed the expected input length, limiting the size of data sent and mitigating the overflow risk.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 10:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wavlink wl-nu516u1 Firmware
CPEs | | cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Wavlink wl-nu516u1 Firmware

Tue, 17 Feb 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Feb 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wavlink; Wavlink wl-nu516u1
Vendors & Products | | Wavlink; Wavlink wl-nu516u1

Mon, 16 Feb 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Wavlink WL-NU516U1 adm.cgi sub_406194 stack-based overflow
Weaknesses | | CWE-119; CWE-121
References | |
Metrics | | cvssV2_0: {'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:12:56.936Z

Reserved: 2026-02-15T19:40:06.995Z

Link: CVE-2026-2566

Vulnrichment

Updated: 2026-02-17T14:42:37.476Z

NVD

Status: Deferred

Published: 2026-02-16T18:19:45.017

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2566

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:15:26Z