CVE-2026-4166

Name of the Vulnerable Software and Affected Versions Wavlink WL-NU516U1 version 240425

Description A security issue exists in Wavlink WL-NU516U1. The issue is related to cross site scripting, which can be triggered by manipulating the homepage/hostname argument in the /cgi-bin/login.cgi file. The vulnerable element is the sub 404F68 function. The attack can be launched remotely. The exploit has been made public.

Recommendations Versions prior to 240425 should be updated. As a temporary workaround, consider restricting access to the /cgi-bin/login.cgi file to minimize the risk of exploitation.