Description
A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
Published: 2026-03-06
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability exists in the OTA Online Upgrade component of Wavlink WL-NU516U1, specifically in the sub_405AF4 function of adm.cgi. By manipulating the firmware_url argument, an attacker can inject shell commands that the router will execute, leading to remote command execution. This is a classic instance of a command injection flaw and falls under CWE-74 and CWE-77. With successful exploitation, an attacker would gain the ability to run arbitrary commands on the device, potentially compromising the router, exfiltrating configuration data, or using it as a foothold within the local network.

Affected Systems

The affected vendor is Wavlink and the product is the WL‑NU516U1 router model. The specific firmware build impacted is V240425, as identified in the advisory. Any devices running this firmware revision are vulnerable unless the firmware is updated or the feature disabled.

Risk and Exploitability

The CVSS score of 8.6 classifies this as a high severity flaw, while the EPSS score of less than 1% indicates a very low yet non‑zero probability of widespread exploitation at the time of this assessment. It is not listed in the CISA KEV catalog. The remote nature of the attack combined with the lack of authentication on the adm.cgi endpoint means that an attacker who can reach the device over HTTP will be able to craft a request that triggers the command injection. Although the likelihood of exploitation is currently low, the potential impact remains significant.

Generated by OpenCVE AI on April 16, 2026 at 11:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to a version that patches the command injection in the OTA upgrade feature.
  • If an immediate firmware update is not possible, block or disable access to the /cgi-bin/adm.cgi endpoint using a firewall or device access control rules, preventing unsolicited HTTP requests from reaching the vulnerable CGI.
  • If the device must remain visible for other functions, ensure that the firmware_url parameter is strictly validated on the server side: accept only well‑formed URLs from trusted sources and sanitize any input before it is passed to system commands.
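An added example of the server-side validation described in the last action above; it is not Wavlink's code or code from the advisory. It assumes the upgrade handler hands firmware_url to a downloader; the trusted host, the wget path and both function names are placeholders chosen for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: the only location firmware is served from (placeholder host). */
static const char TRUSTED_PREFIX[] = "https://firmware.example.invalid/";

/* Return 1 only for URLs under the trusted prefix whose path consists of
 * [A-Za-z0-9._/-], has no ".." sequence, and fits a fixed length bound. */
int firmware_url_is_safe(const char *url)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._/-";
    size_t plen = sizeof(TRUSTED_PREFIX) - 1;
    if (url == NULL) return 0;
    size_t len = strlen(url);
    if (len <= plen || len > 255) return 0;
    if (strncmp(url, TRUSTED_PREFIX, plen) != 0) return 0;
    const char *path = url + plen;
    /* Allowlist check: any shell metacharacter, space or newline fails here. */
    if (strspn(path, ok) != strlen(path)) return 0;
    if (strstr(path, "..") != NULL) return 0;
    return 1;
}

/* Download without a shell: the URL is a single argv element and is never
 * parsed as a command line. Returns 0 on success, -1 on rejected input or
 * downloader failure. */
int fetch_firmware(const char *url, const char *dest)
{
    if (!firmware_url_is_safe(url)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Assumption: a wget binary at this path; "--" ends option parsing. */
        char *const argv[] = { "wget", "-q", "-O", (char *)dest,
                               "--", (char *)url, NULL };
        execv("/usr/bin/wget", argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

The allowlist and the shell-free exec are independent layers: either one alone stops the URL from being interpreted as a command, and keeping both means a later change to one does not reopen the flaw.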

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-nu516u1_firmware:m16u1_v240425:*:*:*:*:*:*:*

Mon, 09 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink wl-nu516u1
Vendors & Products Wavlink wl-nu516u1

Fri, 06 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
Title Wavlink WL-NU516U1 OTA Online Upgrade adm.cgi sub_405AF4 command injection
First Time appeared Wavlink
Wavlink wl-nu516u1 Firmware
Weaknesses CWE-74
CWE-77
CPEs cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-nu516u1 Firmware
References
Metrics cvssV2_0

{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-09T15:31:47.417Z

Reserved: 2026-03-05T18:20:48.894Z

Link: CVE-2026-3612

Vulnrichment

Updated: 2026-03-09T15:31:43.496Z

NVD

Status: Analyzed

Published: 2026-03-06T01:15:54.163

Modified: 2026-03-10T18:29:54.790

Link: CVE-2026-3612

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T11:45:26Z

Weaknesses