cbcvebase.

Wavlink Wl-Nu516U1 Firmware vulnerabilities

28 known vulnerabilities affecting wavlink/wl-nu516u1_firmware.

Total CVEs
28
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH25MEDIUM1

Vulnerabilities

Page 2 of 2
CVE-2026-3661P2HIGHCVSS 7.2vm16u1_v2404252026-03-07
CVE-2026-3661 [HIGH] CWE-74 CVE-2026-3661: A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure.
nvd
CVE-2026-2615P2HIGHCVSS 7.2≤ 2025-12-082026-02-17
CVE-2026-2615 [HIGH] CWE-74 CVE-2026-2615: A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function sin A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early abo
nvd
CVE-2026-3703P2CRITICALCVSS 9.8v2512082026-03-08
CVE-2026-3703 [CRITICAL] CWE-119 CVE-2026-3703: A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /c A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was
nvd
CVE-2026-3704P2HIGHCVSS 7.2v2512082026-03-08
CVE-2026-3704 [HIGH] CVE-2026-3704: A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function su A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended
nvd
CVE-2026-2567P3HIGHCVSS 7.2≤ 2025-12-082026-02-16
CVE-2026-2567 [HIGH] CWE-119 CVE-2026-2567: A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
nvd
CVE-2025-10961P3HIGHCVSS 8.0vm16u1_v2404252025-09-25
CVE-2025-10961 [HIGH] CWE-74 CVE-2025-10961: A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection. The vendor was contacted early about this disclosure but did not respond in any way.
nvd
CVE-2026-3613P3HIGHCVSS 7.2vm16u1_v2404252026-03-06
CVE-2026-3613 [HIGH] CWE-119 CVE-2026-3613: A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the functio A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early a
nvd
CVE-2026-2565P3MEDIUMCVSS 6.6≤ 2025-12-082026-02-16
CVE-2026-2565 [MEDIUM] CWE-119 CVE-2026-2565: A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the functio A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult.
nvd
Wavlink Wl-Nu516U1 Firmware vulnerabilities | cvebase