EUVD-2026-40036

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

CVE-2026-13539

The CVE concerns Wavlink WL-NU516U1-A M16U1_V240425. The vulnerable component is the POST Parameter Handler in /cgi-bin/wireless.cgi, specifically function sub_407504, where manipulation of Guest_ssid causes a stack-based buffer overflow. This can be triggered remotely; exploitation is publicly a...

CVE-2026-13538

The CVE concerns Wavlink WL-NU516U1-A (M16U1_V240425) with a vulnerability in /cgi-bin/wireless.cgi, function sub_401D68, within the POST Parameter Handler. Manipulating arguments SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 leads to command injection. Remote exploitation is possible, and an exploit has ...

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...

Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection

Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability. id: CVE-2021-21881 info: name:...

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection

Wireless Multiplex Terminal Playout Server =20.2.8 has a default account with a password of pokon available via its web administrative interface. id: CVE-2020-35338 info: name: Wireless Multiplex Terminal Playout Server =20.2.8 - Default Credential Detection author: Jeya Seelan severity: critical...

Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure

Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext. id: CVE-2021-28937 info: name: Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure...

wifi: nl80211: reject oversized EMA RNR lists

...

CVE-2026-53103

A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt7925rocabortsync function. This vulnerability can lead to a deadlock condition when rocabortsync attempts to cancel a work item rocwork while rocwork is already holding a mutex. This situation can occur during Wi-Fi...

CVE-2026-53182

A flaw was found in the Linux kernel's nl80211 Wi-Fi subsystem. The nl80211parsernrelems function, responsible for parsing EMA RNR Enhanced Multiple Access Reduced Neighbor Report lists, does not properly handle an excessive number of nested NL80211ATTREMARNRELEMS inputs. This improper input...

CVE-2026-53112

A flaw was found in the Linux kernel's rtlwifi PCI driver. This vulnerability, a use-after-free, occurs when a rtlwifi wireless card is detached or fails to initialize, and a related background task is not properly shut down. This can lead to the system attempting to access memory that has alread...

CVE-2026-53105

A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt76: mt7925 driver. This vulnerability occurs due to a missing check for a NULL 'vif' Virtual Interface before it is accessed. An attacker could potentially trigger a kernel panic by exploiting scenarios where the...

CVE-2026-53182

CVE-2026-53182 affects the Linux kernel nl80211: rejects oversized EMA RNR lists in nl80211_parse_rnr_elems, using a u8 counter and capping at 255 to align with the underlying data structure. Several advisories (Red Hat, Debian family, Ubuntu OSV entries, and Root) confirm patches are released in...

EUVD-2026-38980

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...

EUVD-2026-38972

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...

EUVD-2026-38970

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...

kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result

A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...

kernel: wifi: mac80211: remove station if connection prep fails

A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. When Multi-Link Operation MLO connection preparation fails, the system may not correctly remove the associated station. This can lead to a use-after-free or double-free vulnerability in the debugfs component, potentially causing...