Haimianbaobao

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-NU516U1 version 260227 **Description** A stack-based buffer overflow exists in the `ftext` function of the `/cgi-bin/nas.cgi` file in Wavlink WL-NU516U1. The issue is triggered by manipulating the `Content-Length` argument, allowing for remote exploitation. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wavlink NU516U1 251208 (affected versions not specified) **Description** A flaw exists in the function `sub 405B2C` within the file `/cgi-bin/firewall.cgi`. This issue allows for command injection and can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Upgrade the affected component to a fixed version.

**Name of the Vulnerable Software and Affected Versions** Wavlink NU516U1 version 251208 **Description** A flaw exists in the Wavlink NU516U1 device, specifically within the `/cgi-bin/login.cgi` file. Manipulation of the `ipaddr` argument in this file can lead to an out-of-bounds write condition, potentially allowing for remote code execution. The vulnerable function is `sub 401A10`. This issue is network-accessible and does not require authentication. A public proof-of-concept exploit is available. Successful exploitation could allow attackers to gain full control of the device and potentially pivot into internal networks. **Recommendations** Upgrade the affected component to a fixed version.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-NU516U1 version V240425 **Description** A command injection issue exists in the OTA Online Upgrade component of the Wavlink WL-NU516U1 V240425. The issue is located in the `sub 405AF4` function of the `/cgi-bin/adm.cgi` file. Manipulation of the `firmware url` argument can lead to command injection. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-NU516U1 version V240425 **Description** A stack-based buffer overflow exists in the function `sub 401A0C` within the file `/cgi-bin/login.cgi`. Manipulation of the `ipaddr` argument can trigger this issue, allowing for remote exploitation. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-NU516U1 versions up to 20251208 **Description** A flaw exists in Wavlink WL-NU516U1 that could allow for remote command injection. The issue is located in the `singlePortForwardDelete` function within the `/cgi-bin/firewall.cgi` file. Manipulation of the `del flag` argument can trigger the issue. The exploit has been published. **Recommendations** Versions up to 20251208 should be updated when a fix becomes available. As a temporary workaround, consider restricting access to the `/cgi-bin/firewall.cgi` file.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-NU516U1 versions up to 130/260 **Description** A security issue exists in Wavlink WL-NU516U1. Manipulation of the `firmware url` argument within the `sub 406194` function of the `/cgi-bin/adm.cgi` file can lead to a stack-based buffer overflow. This can be exploited remotely. The details of the exploit have been publicly disclosed. The vendor was informed of this issue but did not provide a response. **Recommendations** Versions up to 130/260: Avoid using the `firmware url` parameter in the `/cgi-bin/adm.cgi` endpoint.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-NU516U1 version 20251208 **Description** A stack-based buffer overflow exists in the `sub 401218` function of the `/cgi-bin/nas.cgi` file. The issue is triggered by manipulating the `User1Passwd` argument. This allows for remote attacks. A public exploit is available. **Recommendations** Restrict access to the `/cgi-bin/nas.cgi` file. Avoid manipulating the `User1Passwd` argument. As a temporary workaround, consider restricting admin access.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-NU516U1 version 20251208 **Description** A flaw exists in the function `sub 40785C` of the file '/cgi-bin/adm.cgi'. Manipulation of the `time zone` argument leads to a stack-based buffer overflow. This can be triggered remotely and is considered to have high complexity, though exploitation is difficult. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.