Description
A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-03-08
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Command Injection via Web Interface
Action: Patch Upgrade
AI Analysis

Impact

The vulnerability resides in the sub_405B2C function of /cgi-bin/firewall.cgi on the Wavlink NU516U1 router, allowing an attacker to inject arbitrary shell commands through crafted requests. The flaw maps to CWE-74 (Command Injection) and CWE-77 (Improper Validation of Inherited Environment Variables). Based on the description, it is inferred that successful exploitation could give the attacker control over the device’s operating system, potentially enabling data exfiltration, covert persistence, or lateral movement into the network segment the router protects. The description explicitly states that the attack can be initiated remotely, indicating the affected CGI endpoint is exposed over the network.

Affected Systems

Affected hardware includes the Wavlink NU516U1 router with firmware build 251208. The web interface exposes a CGI script at /cgi-bin/firewall.cgi that processes requests from the router’s management portal. The CPEs for the affected product are wavlink:wl-nu516u1 firmware version 251208 and the device hardware identifier wl-nu516u1.

Risk and Exploitability

The CVSS score of 5.1 places the vulnerability in the medium severity range. The EPSS score is less than 1%, suggesting that exploitation attempts are currently rare or opportunistic. The issue is not listed in the CISA KEV catalog. Although the description confirms public disclosure and remote attack potential, the lack of an explicit authentication requirement implies that a malware- or bot-driven attack could target any device with its web interface exposed to the internet. Consequently, organizations that leave the NU516U1 router’s management interface reachable from untrusted networks face a nontrivial risk, even though the likelihood of widespread exploitation appears low at present.

Generated by OpenCVE AI on April 18, 2026 at 17:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to the latest firmware from Wavlink that includes the fixed version for NU516U1.
  • If an update is not yet available, restrict access to the router’s web interface by placing the device behind a firewall or disabling remote management features that expose /cgi-bin/firewall.cgi.
  • As a temporary measure, remove or block the vulnerable firewall.cgi endpoint from the web server configuration until a patch can be applied.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Wavlink wl-nu516u1 Firmware
CPEs |  | cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:*, cpe:2.3:o:wavlink:wl-nu516u1_firmware:251208:*:*:*:*:*:*:*
Vendors & Products |  | Wavlink wl-nu516u1 Firmware

Tue, 10 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics |  | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Wavlink, Wavlink wl-nu516u1
Vendors & Products |  | Wavlink, Wavlink wl-nu516u1

Sun, 08 Mar 2026 04:00:00 +0000

Type | Values Removed | Values Added
Description |  | A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Title |  | Wavlink NU516U1 Incomplete Fix CVE-2025-10959 firewall.cgi sub_405B2C command injection
Weaknesses |  | CWE-74, CWE-77
References |  |
Metrics |  | cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}; cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}; cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}; cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-10T13:55:33.641Z

Reserved: 2026-03-07T08:56:16.000Z

Link: CVE-2026-3704

Vulnrichment

Updated: 2026-03-10T13:55:11.032Z

NVD

Status: Analyzed

Published: 2026-03-08T04:15:59.543

Modified: 2026-03-10T18:55:30.817

Link: CVE-2026-3704

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T17:30:05Z

Weaknesses