CVE-2026-8191 | Wavlink NU516U1 M16U1_V240425 /cgi-bin/adm.cgi wifi_region skiplist1/skiplist2 os command injection

Inserito da Angelo Barbosa | Mag 8, 2026 | CVE

A vulnerability categorized as critical has been discovered in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection.

This vulnerability is uniquely identified as CVE-2026-8191. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure.

CVE-2026-8191 | Wavlink NU516U1 M16U1_V240425 /cgi-bin/adm.cgi wifi_region skiplist1/skiplist2 os command injection

Post correlati

CVE-2022-48771 | Linux Kernel up to 5.16.3 File Descriptor put_unused_fd file descriptor consumption

CVE-2024-11289 | pencidesign Soledad Plugin up to 8.5.9 on WordPress filename control

CVE-2026-0797 | GIMP ICO File Parser heap-based overflow

CVE-2024-7093 | Netflix Dispatch 20230817 Jinja Message Template code injection (nflx-2024-003)