CVE-2026-8190

A vulnerability was determined in Wavlink NU516U1 M16U1 V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp username/ppp passwd/rwan ip/rwan mask/rwan gateway is directly passed by the attacker/so we can control the ppp username/ppp passwd/rwan ip/rwan mask/rwan gateway causes os command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.