Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Wavlink Firmware: Command Injection Risk Through Firewall Configuration
CVE-2026-3704
Summary
A security flaw in Wavlink NU516U1 firmware allows hackers to inject malicious commands. This could let attackers take control of the device. To stay safe, update the firmware to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wavlink | wl-nu516u1_firmware | 251208 | – |
Original title
A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The ma...
Original description
A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
nvd CVSS2.0
5.8
nvd CVSS3.1
4.7
nvd CVSS4.0
5.1
Vulnerability type
CWE-74
Injection
CWE-77
Command Injection
- https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-02-27-2fcf6ae-mt762...
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/wavlink_DMZ.md
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/wavlink_DMZ.md#exp
- https://vuldb.com/?ctiid.349650
- https://vuldb.com/?id.349650
- https://vuldb.com/?submit.759233
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026