CVE-2026-8192 | Wavlink NU516U1 M16U1_V240425 /cgi-bin/adm.cgi wzdap os command injection

A vulnerability identified as critical has been detected in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the EncrypType/wl_Pass results in os command injection.

This vulnerability was named CVE-2026-8192. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure.

CVE-2026-8192 | Wavlink NU516U1 M16U1_V240425 /cgi-bin/adm.cgi wzdap os command injection

Post correlati

CVE-2026-42206 | roadiz core-bundle-dev-app up to 2.3.42/2.5.44/2.6.30/2.7.17 generate data authenticity (GHSA-3gx8-q682-38mx)

CVE-2025-24867 | SAP BusinessObjects Platform BI Launchpad unprotected cross site scripting

CVE-2025-8929 | code-projects Medical Store Management System 1.0 MainPanel.java searchTxt sql injection

CVE-2025-62895 | Vito Peleg Atarim Plugin up to 4.2 on WordPress insertion of sensitive information into sent data