Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.6
Wavlink Router's Admin Feature Can Be Abused Remotely
CVE-2026-2565
Summary
A security flaw in a Wavlink router's admin feature can be exploited remotely, potentially allowing an attacker to take control of the router. This could happen if the router's software is not updated with the latest security patches. Users should check with the vendor for any available updates and apply them as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wavlink | wl-nu516u1_firmware | <= 2025-12-08 | – |
Original title
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes sta...
Original description
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.8
nvd CVSS3.1
6.6
nvd CVSS4.0
6.6
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/time_zone.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.346172 Permissions Required VDB Entry
- https://vuldb.com/?id.346172 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.751133 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026