Wavlink · Wavlink Wl-Nu516U1 · CVE-2025-10775
Name of the Vulnerable Software and Affected Versions:
Wavlink WL-NU516U1 version 240425
Description:
A security issue has been identified in the `sub 4012A0` function of the `/cgi-bin/login.cgi` file. Manipulation of the `ipaddr` argument can lead to operating system command injection. This attack is possible remotely. The exploit has been publicly disclosed.
Recommendations:
As a temporary workaround, consider restricting access to the `/cgi-bin/login.cgi` file until a resolution is available.
Avoid using the `ipaddr` parameter in the `/cgi-bin/login.cgi` endpoint until the issue is resolved.