Vulnerability Description
A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wavlink | Wl-Nu516U1 Firmware | <= 2025-12-08 |
| Wavlink | Wl-Nu516U1 | - |
Related Weaknesses (CWE)
References
- https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/nas.cgi_User1PasswExploitThird Party Advisory
- https://vuldb.com/?ctiid.346174Permissions RequiredVDB Entry
- https://vuldb.com/?id.346174Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.752016Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-2567?
CVE-2026-2567 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd resu...
How severe is CVE-2026-2567?
CVE-2026-2567 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2567?
Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wl-Nu516U1 Firmware, Wavlink Wl-Nu516U1.