Wavlink NU516U1 login.cgi sys_login1 os command injection_CVE-2026-8230

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure.

Basic Information

ID CVE-2026-8230

Source VulDB

Published May 10, 2026 at 04:30

Affected Product

Vendor Wavlink

Product NU516U1

Version 240425

Affected Versions Wavlink NU516U1 240425

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure.",
    "published": "2026-05-10T04:30:09.029Z",
    "modified": "2026-05-10T04:30:09.029Z",
    "type": "cve",
    "title": "Wavlink NU516U1 login.cgi sys_login1 os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/362447\nhttps://vuldb.com/vuln/362447/cti\nhttps://vuldb.com/submit/800735\nhttps://github.com/wudipjq/my_vuln/blob/main/Wavlink/vuln_9/9.md",
    "id": "CVE-2026-8230",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Wavlink NU516U1 240425",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NU516U1",
    "version": "240425",
    "vendor": "Wavlink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}