Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.1
CVE-2026-8192: Wavlink NU516U1 M16U1_V240425 allows remote attackers to inject commands.
CVE-2026-8192
Summary
A security flaw in the Wavlink NU516U1 M16U1_V240425 allows hackers to remotely execute commands on the device. This could potentially allow them to access sensitive information or take control of the device. We recommend updating to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| wavlink | wl-nu516u1_firmware |
m16u1_v240425 cpe:2.3:o:wavlink:wl-nu516u1_firmware:m16u1_v240425:*:*:*:*:*:*:* |
Original title
A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypTyp...
Original description
A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the EncrypType/wl_Pass results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
2.1
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 9 May 2026 · Updated: 28 May 2026 · First seen: 9 May 2026