Description
A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Published: 2026-02-16
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

A stack‑based buffer overflow was discovered in the sub_401218 function of the Wavlink WL‑NU516U1 firmware 20251208. The flaw is triggered by manipulating the User1Passwd argument supplied to the /cgi-bin/nas.cgi CGI script. By overflowing the stack buffer, an attacker can overwrite control data on the stack and potentially execute arbitrary code. The vulnerability is remotely exploitable, meaning only network access to the device is required to send a crafted request.

Affected Systems

The affected product is the Wavlink WL‑NU516U1 network attached storage appliance running firmware version 20251208. The issue resides in the /cgi-bin/nas.cgi component of the device. Users operating that model with the specified firmware are potentially vulnerable. No other vendors or products are listed in the CVE data.

Risk and Exploitability

The CVSS base score of 8.6 indicates high severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Because the flaw allows remote exploitation via HTTP requests, an attacker who can reach the device from outside the local network could potentially gain code execution if the NAS is exposed. The description implies that an attacker would need to supply a specially crafted User1Passwd parameter to trigger the overflow, but no public proof‑of‑concept is referenced, so the practical exploitability remains somewhat uncertain.

Generated by OpenCVE AI on April 17, 2026 at 19:00 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Flash a corrected firmware version that addresses the sub_401218 overflow.
  • If no firmware update is available, block external HTTP requests to /cgi-bin/nas.cgi or disable the User1Passwd feature through the device’s firewall or web configuration.
  • Change the device’s default administrative credentials and monitor logs for unexpected accesses to the User1Passwd parameter.


Advisories

No advisories yet.

History

Wed, 18 Feb 2026 19:45:00 +0000

Values added (no values removed):
  • First Time appeared: Wavlink wl-nu516u1 Firmware
  • Weaknesses: CWE-787
  • CPEs: cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:*
    cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*
  • Vendors & Products: Wavlink wl-nu516u1 Firmware

Tue, 17 Feb 2026 15:15:00 +0000

Values added (no values removed):
  • Metrics: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Feb 2026 09:00:00 +0000

Values added (no values removed):
  • First Time appeared: Wavlink; Wavlink wl-nu516u1
  • Vendors & Products: Wavlink; Wavlink wl-nu516u1

Mon, 16 Feb 2026 17:45:00 +0000

Values added (no values removed):
  • Description: A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
  • Title: Wavlink WL-NU516U1 nas.cgi sub_401218 stack-based overflow
  • Weaknesses: CWE-119, CWE-121
  • References
  • Metrics:
    cvssV2_0: {'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:13:10.511Z

Reserved: 2026-02-15T19:40:10.069Z

Link: CVE-2026-2567

Vulnrichment

Updated: 2026-02-17T14:46:29.235Z

NVD

Status: Analyzed

Published: 2026-02-16T18:19:45.217

Modified: 2026-02-18T19:41:03.690

Link: CVE-2026-2567

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:00:11Z
