CVE-2025-9149 | Wavlink WL-NU516U1 M16U1_V240425 /cgi-bin/wireless.cgi sub_4032E4 Guest_ssid command injection

Inserito da Angelo Barbosa | Ago 19, 2025 | CVE

A vulnerability marked as critical has been reported in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection.

This vulnerability is tracked as CVE-2025-9149. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2025-9149 | Wavlink WL-NU516U1 M16U1_V240425 /cgi-bin/wireless.cgi sub_4032E4 Guest_ssid command injection

Post correlati

CVE-2024-11874 | Grid Accordion Lite Plugin up to 1.5.1 on WordPress cross site scripting

CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.3.9 cross-site request forgery

CVE-2023-51491 | Averta Depicter Slider Plugin up to 2.0.6 on WordPress cross-site request forgery

CVE-2023-49930 | Couchbase Server up to 7.2.3 cURL /diag/eval access control