Description
A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-17
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Command Injection (Remote Code Execution)
Action: Apply Patch
AI Analysis

Impact

A command-injection flaw exists in the singlePortForwardDelete function of /cgi-bin/firewall.cgi in the Wavlink WL-NU516U1 firmware. Manipulating the del_flag argument allows an attacker to execute arbitrary shell commands on the device, resulting in full control over the system. This weakness falls under CWE-74 and CWE-77 and can compromise the confidentiality, integrity, and availability of the device. The vulnerability is exploitable remotely, and an exploit has been published.

Affected Systems

The flaw affects Wavlink WL‑NU516U1 units running firmware up to version 20251208. No newer firmware versions are listed as vulnerable. Any installation of the device with the affected firmware exposed to a network is susceptible.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity, while the very low EPSS (< 1%) indicates a low estimated probability of exploitation activity. The vulnerability is not included in the CISA KEV list. The CVSS vectors rate the attack as network-reachable (AV:N) and low complexity (AC:L) but requiring high privileges (PR:H), and the SSVC assessment records exploitation as proof-of-concept with total technical impact. The lack of widespread exploitation to date reduces the immediate threat, but the potential impact remains severe.

Generated by OpenCVE AI on April 17, 2026 at 18:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy a firmware update newer than 20251208 that resolves the singlePortForwardDelete injection flaw.
  • If no update is available, block or restrict remote access to the firewall.cgi interface through the device’s management settings or a perimeter firewall.
  • Apply input validation so that the del_flag parameter cannot be used to inject shell commands, or remove the option from the CGI to prevent its use remotely.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink wl-nu516u1 Firmware
CPEs cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*
Vendors & Products Wavlink wl-nu516u1 Firmware

Wed, 18 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 18 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-nu516u1
Vendors & Products Wavlink
Wavlink wl-nu516u1

Tue, 17 Feb 2026 13:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Wavlink WL-NU516U1 firewall.cgi singlePortForwardDelete command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:13:22.556Z

Reserved: 2026-02-17T06:53:05.788Z

Link: CVE-2026-2615

Vulnrichment

Updated: 2026-02-17T14:16:29.888Z

NVD

Status: Analyzed

Published: 2026-02-17T13:16:17.113

Modified: 2026-02-18T19:36:44.157

Link: CVE-2026-2615

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:00:11Z

Weaknesses