CVE-2025-10775

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 version 240425

Description: A security issue has been identified in the sub 4012A0 function of the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument can lead to operating system command injection. This attack is possible remotely. The exploit has been publicly disclosed.

Recommendations: As a temporary workaround, consider restricting access to the /cgi-bin/login.cgi file until a resolution is available. Avoid using the ipaddr parameter in the /cgi-bin/login.cgi endpoint until the issue is resolved.