Primary

Context

Wavlink NU516U1 Command Injection Vulnerability in Wireless CGI DeleteMac Page

Vulnerability

A command injection vulnerability has been identified in the Wavlink NU516U1 router, specifically in the firmware version M16U1_V240425. The issue arises in the DeleteMac page within the wireless.cgi file, where the delete_list parameter can be manipulated to execute arbitrary commands. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to the /cgi-bin/wireless.cgi endpoint with the page parameter set to DeleteMac. Include a crafted delete_list parameter that contains the desired command to be executed. The command injection occurs when the delete_list parameter is processed by the vulnerable sub_402D1C function, which passes the command to the system function for execution.

Added: Sep 25, 2025, 6:23 PM

Updated: Sep 25, 2025, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

0.6

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

0.6

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wavlink NU516U1 Command Injection Vulnerability in Wireless CGI DeleteMac Page

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating