CVE-2026-8190 Wavlink NU516U1 adm.cgi wan os command injection

A vulnerability was determined in Wavlink NU516U1 M16U1V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument pppusername/ppppasswd/rwanip/rwanmask/rwangateway is directly passed by the attacker/so we can control the...

CVE-2026-8190

A vulnerability was determined in Wavlink NU516U1 M16U1V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument pppusername/ppppasswd/rwanip/rwanmask/rwangateway is directly passed by the attacker/so we can control the...

EUVD-2026-28918

A vulnerability was determined in Wavlink NU516U1 M16U1V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument pppusername/ppppasswd/rwanip/rwanmask/rwangateway is directly passed by the attacker/so we can control the...

CVE-2026-8190

The CVE-2026-8190 issue affects Wavlink NU516U1 M16U1_V240425, where the wan function in /cgi-bin/adm.cgi processes arguments ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway in a way that enables OS command injection. Remote exploitation is possible, and an exploit has been publicly disclo...

PT-2026-39401

A vulnerability was determined in Wavlink NU516U1 M16U1 V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp username/ppp passwd/rwan ip/rwan mask/rwan gateway is directly passed by the attacker/so we can control the ppp...

CVE-2026-43081 net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERICCMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably this fixes a WARN I was seeing when I tried to send "stop...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mismatch between the mask of the GENERICCMD register field in IPA v5.0+ and the hardware layout. Th...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an error in the mask used by the nftsetpipapoavx2 function when matching expired entries, which may lead...

JLSEC-2026-423 curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the...

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevents underflow in sofipc4prioritymaskdfswrite The “id” field comes from the user. The type of this field should be changed to unsigned to prevent an array underflow...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Power: Supply: ADP5061: Fix for out-of-bounds read in adp5061getchgtype The fields ADP5061CHGSTATUS and CHGSTATUS are masked with 0x07, which indicates a length of 8. However, the adp5061chgtype array has a size of 4. This may...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitize numphys Information is stored in mrsasport-phymask. Values that are larger than the size of this field should not be allowed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fixed the initialization of the device object in vmbusdeviceregister. Initialized the device’s dmamask,parms pointers and the device’s dmamask value before invoking deviceregister. This issue was addressed in...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walking over the current view in netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on this mechanism to infer which view o...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf/x86/intel: Fixed an access error when accessing the IA32PMCxCFGB MSRs When running perffuzzer on PTL, sometimes the “unchecked MSR access error” is observed when accessing the IA32PMCxCFGB MSRs. 55.611268 Unchecked MSR...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fixed an issue where the maxsubslices array-index-out-of-bounds access occurred. It appears that the commit bc3c5e0809ae “drm/i915/sseu: Do not attempt to store the EU mask internally in UAPI format” exposed a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fixed memory corruption caused by an incorrect array size. The functions th1520mboxsuspendnoirq and th1520mboxresumenoirq are intended to save and restore the interrupt mask registers in the MBOX ICU0. However, t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: cpufreq: scpi: Fixed a nullptrderef in scpicpufreqgetrate. The cpufreqcpugetraw function may return NULL when the target CPU is not present in the policy-cpus mask. scpicpufreqgetrate does not check for this case, resulting in...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: enetc: An illegal access occurred when reading the affinityhint parameter. The irqsetaffinityhit function stores a reference to the cpumaskt parameter in the irqdescriptor. This reference can be accessed later from...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is larger than the mask size, we might perform an out-of-bound read...