Description
A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
Published: 2026-05-09
Score: 5.3 Medium
EPSS: 5.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote attacker can manipulate the skiplist1 or skiplist2 query parameters of the adm.cgi wifi_region function on the Wavlink NU516U1 router, enabling OS command injection that yields arbitrary command execution on the device’s operating system. The vulnerability exploits weaknesses in command construction (CWE‑77/78) and could be triggered without local access if the web administration interface is exposed to the Internet.

Affected Systems

The flaw exists in the Wavlink NU516U1 router running firmware M16U1_V240425. Any deployment that enables the adm.cgi web‑management interface, particularly over untrusted networks, is susceptible. Devices without remote administration turned off or without authentication controls face higher risk.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity, while the EPSS score of 5% shows a modest probability of exploitation. An exploit is publicly available, which raises the likelihood of real‑world attacks, but the vulnerability is not yet included in CISA’s KEV catalog. The attack can be launched remotely by sending crafted HTTP requests to the admin interface; if authentication is required, the attacker must bypass or abuse authentication mechanisms. Overall, the risk is moderate, with a realistic threat to exposed devices.

Generated by OpenCVE AI on June 18, 2026 at 08:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict access to the adm.cgi interface by enabling network‑level access control, such as firewall rules or ACLs, so that the web‑management interface is reachable only from a trusted local network or specific IP addresses.
  • Enforce strong authentication on the admin interface, ensuring that only authorized users can submit configuration requests. If possible, disable password or enable two‑factor authentication to reduce the chance of credential compromise.
  • Monitor router logs and network traffic for anomalous command executions or unexpected outbound connections that may indicate exploitation. Use IDS/IPS or logging solutions to alert on suspicious activity.

Generated by OpenCVE AI on June 18, 2026 at 08:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink wl-nu516u1 Firmware
CPEs cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-nu516u1_firmware:m16u1_v240425:*:*:*:*:*:*:*
Vendors & Products Wavlink wl-nu516u1 Firmware

Tue, 12 May 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 10 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-nu516u1
Vendors & Products Wavlink
Wavlink wl-nu516u1

Sat, 09 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
Title Wavlink NU516U1 adm.cgi wifi_region os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Wavlink Wl-nu516u1 Wl-nu516u1 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-12T02:25:52.944Z

Reserved: 2026-05-08T19:52:11.621Z

Link: CVE-2026-8191

cve-icon Vulnrichment

Updated: 2026-05-12T02:25:47.928Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-09T19:16:09.093

Modified: 2026-06-17T11:03:36.290

Link: CVE-2026-8191

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T08:30:04Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')