CVE-2026-8190 | Wavlink NU516U1 M16U1_V240425 /cgi-bin/adm.cgi wan os command injection

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. It has been rated as critical. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker/so we can control the ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway causes os command injection.

This vulnerability is handled as CVE-2026-8190. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure.

CVE-2026-8190 | Wavlink NU516U1 M16U1_V240425 /cgi-bin/adm.cgi wan os command injection

Post correlati

CVE-2024-2665 | Premium Addons for Elementor Plugin up to 4.10.27 on WordPress Button cross site scripting

CVE-2024-2586 | Amssplus AMSS++ 4.31 /amssplus/index.php username sql injection

CVE-2024-5567 | Betheme Theme up to 27.5.5 on WordPress SVG File cross site scripting

CVE-2024-6910 | EventON Plugin up to 2.2.16 on WordPress Setting cross site scripting