CVE-2026-8228
Published 2026-05-10
CVE-2026-8228: A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of…
Priority P2 · 73 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.81% (90.8th percentile)
A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wavlink | nu516u1 | — | — |
| wavlink | wl-nu516u1_firmware | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA
GHSA-4vgm-cq4r-3fhg: A security vulnerability has been detected in Wavlink NU516U1 240425
ghsa_unreviewed·2026-05-10
CVE-2026-8228 [LOW] CWE-77 GHSA-4vgm-cq4r-3fhg: A security vulnerability has been detected in Wavlink NU516U1 240425
A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
VulDB
Wavlink NU516U1 240425 /cgi-bin/wireless.cgi advance wlan_conf/Channel/skiplist/ieee_80211h os command injection
vuldb·2026-05-09·CVSS 2.1
CVE-2026-8228 [LOW] Wavlink NU516U1 240425 /cgi-bin/wireless.cgi advance wlan_conf/Channel/skiplist/ieee_80211h os command injection
A vulnerability described as critical has been identified in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection.
This vulnerability is traded as CVE-2026-8228. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-10