CVE-2026-8189 | Wavlink NU516U1 M16U1_V240425 /cgi-bin/adm.cgi wzdrepeater wlan_bssid/sel_Automode/sel_EncrypTyp os command injection

Inserito da Angelo Barbosa | Mag 8, 2026 | CVE

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. It has been declared as critical. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Automode/sel_EncrypTyp results in os command injection.

This vulnerability is known as CVE-2026-8189. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure.

CVE-2026-8189 | Wavlink NU516U1 M16U1_V240425 /cgi-bin/adm.cgi wzdrepeater wlan_bssid/sel_Automode/sel_EncrypTyp os command injection

Post correlati

CVE-2024-37404 | Ivanti Connect Secure/Policy Secure crlf injection

CVE-2024-41092 | Linux Kernel up to 5.10.220/5.15.161/6.1.96/6.6.36/6.9.7 i915_vma_revoke_fence use after free

CVE-2024-24458 | Athonet vEPC MME 11.4.0 PLMN Identity denial of service

CVE-2024-44550 | Tenda AX1806 1.0.0.1 formGetIptv adv.iptv.stbpvid stack-based overflow