CVE-2025-10960

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425

Description A flaw exists in the function sub 402D1C within the /cgi-bin/wireless.cgi file, specifically in the DeleteMac Page component. Manipulation of the delete list argument can lead to command injection. This issue is remotely exploitable, and details about the exploit have been publicly released. The vendor was notified but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

BDU:2025-16412

CVE-2025-10960

Affected Products

M16U1 V240425

Wavlink Nu516U1

CVE-2025-10960

Weakness Enumeration

Related Identifiers

Affected Products

References · 11