Vulnerability Description
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wavlink | Wl-Nu516U1 Firmware | <= 2025-12-08 |
| Wavlink | Wl-Nu516U1 | - |
Related Weaknesses (CWE)
References
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/time_zone.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.346172Permissions RequiredVDB Entry
- https://vuldb.com/?id.346172Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.751133Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-2565?
CVE-2026-2565 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-...
How severe is CVE-2026-2565?
CVE-2026-2565 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2565?
Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wl-Nu516U1 Firmware, Wavlink Wl-Nu516U1.