CVE-2026-8230 | Wavlink NU516U1 240425 /cgi-bin/login.cgi sys_login1 ipaddr os command injection

Inserito da Angelo Barbosa | Mag 9, 2026 | CVE

A vulnerability classified as critical was found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection.

This vulnerability is handled as CVE-2026-8230. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure.

CVE-2026-8230 | Wavlink NU516U1 240425 /cgi-bin/login.cgi sys_login1 ipaddr os command injection

Post correlati

CVE-2024-13622 | imagisol File Uploads Addon for WooCommerce Plugin up to 1.7.1 on WordPress /wp-content/uploads information disclosure

CVE-2024-8342 | SourceCodester Petshop Management System 1.0 add_client.php image_profile unrestricted upload

CVE-2026-8274 | npitre cramfs-tools up to 2.1 Directory cramfsck.c do_directory path traversal

CVE-2024-30736 | ROS Kinetic Kame Inter-Process Communication deserialization