Wavlink NU516U1 firewall.cgi sub_401B30 command injection_CVE-2025-10964

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub_401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabled causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10964

Source VulDB

Published Sep 25, 2025 at 19:32

Affected Product

Vendor Wavlink

Product NU516U1

Version n/a

Affected Versions Wavlink NU516U1 n/a

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub_401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabled causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-25T19:32:05.493Z",
    "modified": "2025-09-25T19:32:05.493Z",
    "type": "cve",
    "title": "Wavlink NU516U1 firewall.cgi sub_401B30 command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325832\nhttps://vuldb.com/?ctiid.325832\nhttps://vuldb.com/?submit.652785\nhttps://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/websSysFirewall.md\nhttps://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/websSysFirewall.md#poc",
    "id": "CVE-2025-10964",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Wavlink NU516U1 n/a",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NU516U1",
    "version": "n/a",
    "vendor": "Wavlink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}