CVE-2025-10963

A security flaw has been discovered in Wavlink NU516U1 M16U1V240425. Affected is the function sub4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument delflag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2025-10963 Wavlink NU516U1 firewall.cgi sub_4016F0 command injection

A security flaw has been discovered in Wavlink NU516U1 M16U1V240425. Affected is the function sub4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument delflag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2025-10963 Wavlink NU516U1 firewall.cgi sub_4016F0 command injection

A security flaw has been discovered in Wavlink NU516U1 M16U1V240425. Affected is the function sub4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument delflag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2025-10960

A vulnerability was found in Wavlink NU516U1 M16U1V240425. The impacted element is the function sub402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument deletelist results in command injection. The attack is possible to be carried out...

CVE-2025-10960

A vulnerability was found in Wavlink NU516U1 M16U1V240425. The impacted element is the function sub402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument deletelist results in command injection. The attack is possible to be carried out...

CVE-2025-10959

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. The affected element is the function sub401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmzflag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public...

CVE-2025-10960

CVE-2025-10960 affects Wavlink NU516U1 M16U1_V240425. The vulnerability resides in the DeleteMac Page’s /cgi-bin/wireless.cgi, specifically the function sub_402D1C, where manipulating the delete_list argument enables remote command injection. Public exploit details exist; exploitation is describe...

CVE-2025-10959 Wavlink NU516U1 firewall.cgi sub_401778 command injection

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. The affected element is the function sub401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmzflag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public...

CVE-2025-10958 Wavlink NU516U1 AddMac wireless.cgi sub_403010 command injection

A flaw has been found in Wavlink NU516U1 M16U1V240425. Impacted is the function sub403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publish...

PT-2025-39442

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 affected versions not specified Description A flaw exists in the Wavlink NU516U1 device. The issue is related to the manipulation of the remoteManagementEnabled argument within the sub 401B30 function of the /cgi-bin/firewall.c...

PT-2025-39438

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 affected versions not specified Description A flaw exists in the SetName Page component of the Wavlink NU516U1 M16U1 V240425. The issue resides within the sub 403198 function of the /cgi-bin/wireless.cgi file...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China Ruiyin Wavlink. A command injection vulnerability exists in the Wavlink NU516U1 M16U1V240425, which originates from a misbehavior of the function sub4016F0 in the file /cgi-bin/firewall.cgi with respect to the parameter delflag, which could le...

PT-2025-39441

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 Description A security flaw exists in the Wavlink NU516U1 M16U1 V240425. The issue is due to command injection in the /cgi-bin/firewall.cgi file, specifically within the sub 4016F0 function. Manipulation of the de...

PT-2025-39432

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 Description A flaw exists that allows for remote command injection. The issue is located in the sub 401778 function within the /cgi-bin/firewall.cgi file. Manipulation of the dmz flag argument can trigger the flaw...

CVE-2025-10814

A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly...

CVE-2025-10774

A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/subcommit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2025-10775

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

PT-2025-40808

Name of the Vulnerable Software and Affected Versions Belkin F9K1015 version 1.00.10 Description A flaw exists in Belkin F9K1015 version 1.00.10 that allows for command injection. This occurs through manipulation of the wan ipaddr argument within an unknown function of the...

VulnCheck KEV: CVE-2025-7414

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...

CVE-2025-10814

A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly...