CVE-2025-10775 | Wavlink WL-NU516U1 240425 /cgi-bin/login.cgi sub_4012A0 ipaddr os command injection

Inserito da Angelo Barbosa | Set 21, 2025 | CVE

A vulnerability categorized as critical has been discovered in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection.

This vulnerability is referenced as CVE-2025-10775. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10775 | Wavlink WL-NU516U1 240425 /cgi-bin/login.cgi sub_4012A0 ipaddr os command injection

Post correlati

CVE-2025-34157 | coollabsio Coolify up to 4.0.0-beta.420.6 Project Creation Workflow cross site scripting

CVE-2025-52925 | One Identity OneLogin Active Directory Connector up to 6.1.4 DirectoryToken transmission of private resources into a new sphere (‘resource leak’)

CVE-2023-42505 | Apache Superset up to 2.x Database Connection Metadata information disclosure

CVE-2025-39952 | Linux Kernel up to 6.6.107/6.12.48/6.16.8 wifi wlan_cfg.c wilc_wlan_parse_response_frame len buffer overflow