CVE-2025-10775 | Wavlink WL-NU516U1 240425 /cgi-bin/login.cgi sub_4012A0 ipaddr os command injection

Inserito da Angelo Barbosa | Set 21, 2025 | CVE

A vulnerability categorized as critical has been discovered in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection.

This vulnerability is referenced as CVE-2025-10775. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10775 | Wavlink WL-NU516U1 240425 /cgi-bin/login.cgi sub_4012A0 ipaddr os command injection

Post correlati

CVE-2024-52923 | Samsung Modem 5400 NRMM denial of service

CVE-2024-1276 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress Content Ticker arrow cross site scripting

CVE-2025-9794 | Campcodes Computer Sales and Inventory System 1.0 pos_transac.php?action=add cash/firstname sql injection

CVE-2025-6068 | FooGallery Plugin up to 2.4.31 on WordPress HTML Attribute HTML injection