CVE-2026-2566 | Wavlink WL-NU516U1 up to 130/260 /cgi-bin/adm.cgi sub_406194 firmware_url stack-based overflow

Inserito da Angelo Barbosa | Feb 15, 2026 | CVE

A vulnerability categorized as critical has been discovered in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow.

This vulnerability is uniquely identified as CVE-2026-2566. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2566 | Wavlink WL-NU516U1 up to 130/260 /cgi-bin/adm.cgi sub_406194 firmware_url stack-based overflow

Post correlati

CVE-2024-23344 | Enalean Tuleap Community Edition prior 15.4.99.140 information disclosure (GHSA-m3v5-2j5q-x85w)

CVE-2024-4523 | Campcodes Complete Web-Based School Management System 1.0 teacher_attendance_history1.php year cross site scripting

CVE-2023-6422 | BigProf Online Clinic Management System 2.2 patients_view.php FirstRecord cross site scripting

CVE-2025-8227 | yanyutao0402 ChanCMS up to 3.1.2 /collect/getArticle taskUrl deserialization (ICLP81)