CVE-2026-2615 | Wavlink WL-NU516U1 up to 20251208 /cgi-bin/firewall.cgi singlePortForwardDelete del_flag command injection

A vulnerability, which was classified as critical, was found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection.

The identification of this vulnerability is CVE-2026-2615. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2615 | Wavlink WL-NU516U1 up to 20251208 /cgi-bin/firewall.cgi singlePortForwardDelete del_flag command injection

Post correlati

CVE-2024-42240 | Linux Kernel up to 5.15.162/6.1.99/6.6.40/6.9.9 entry_SYSENTER_compat memory corruption

CVE-2024-41513 | CADClick up to 1.11.0 Artikel.aspx searchindex cross site scripting

CVE-2023-25039 | CodePeople Google Maps CP Plugin up to 1.0.43 on WordPress authorization

CVE-2024-53718 | Eric Teubert Multi Feed Reader Plugin up to 2.2.4 on WordPress cross-site request forgery