CVE-2025-10958 Wavlink NU516U1 AddMac wireless.cgi sub_403010 command injection

A flaw has been found in Wavlink NU516U1 M16U1V240425. Impacted is the function sub403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publish...

CVE-2025-10958

The CVE-2025-10958 issue affects Wavlink NU516U1 M16U1_V240425, specifically the AddMac Page’s /cgi-bin/wireless.cgi, function sub_403010. The vulnerability stems from manipulating the macAddr argument, leading to command injection. Remote exploitation is possible, and an exploit has been publish...

CVE-2025-10958 Wavlink NU516U1 AddMac wireless.cgi sub_403010 command injection

A flaw has been found in Wavlink NU516U1 M16U1V240425. Impacted is the function sub403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publish...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China Ruiyin Wavlink. A command injection vulnerability exists in the Wavlink NU516U1 M16U1V240425 version, which stems from incorrect operation of the parameter deletelist of the component DeleteMac Page in the file /cgi-bin/wireless.cgi, which cou...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China Ruiyin Wavlink. A command injection vulnerability exists in the Wavlink NU516U1 M16U1V240425 version, which stems from incorrect operation of the parameter deletelist in the file /cgi-bin/wireless.cgi, which can lead to command injection...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China Ruiyin Wavlink. A command injection vulnerability exists in the Wavlink NU516U1 M16U1V240425 version, which stems from the incorrect operation of the parameter mac5g in the file /cgi-bin/wireless.cgi, which could lead to a remote command...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China Ruiyin Wavlink. A command injection vulnerability exists in the Wavlink NU516U1 M16U1V240425 version, which stems from a misuse of the parameter macAddr in the file /cgi-bin/wireless.cgi, which could lead to a command injection attack...

PT-2025-39431

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 Description A flaw exists in the function sub 403010 of the file /cgi-bin/wireless.cgi within the AddMac Page component. Manipulation of the macAddr argument can lead to command injection. Remote exploitation is...

PT-2025-39435

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 Description A flaw exists in the function sub 402D1C within the /cgi-bin/wireless.cgi file, specifically in the DeleteMac Page component. Manipulation of the delete list argument can lead to command injection. Thi...

Wavlink WL-WN578W2 sub_404DBC Function OS Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. The Wavlink WL-WN578W2 221110 version has an operating system command injection vulnerability, which originates from the parameter macAddr in the sub404DBC function of the file /cgi-bin/wireless.cgi that fails to correctly filter...

CVE-2025-10359 Wavlink WL-WN578W2 wireless.cgi sub_404DBC os command injection

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

CVE-2025-10359

CVE-2025-10359 affects Wavlink WL-WN578W2 (firmware 221110). The vulnerability resides in the function sub_404DBC within /cgi-bin/wireless.cgi, where manipulating the macAddr argument leads to an OS command injection . This can be exploited remotely and, per sources, the exploit is publicly avail...

CVE-2025-10358

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...

CVE-2025-10358

Wavlink WL-WN578W2 (firmware 221110) exposes an OS command injection in /cgi-bin/wireless.cgi via the delete_list argument in function sub_404850. This remote vulnerability allows arbitrary command execution and has public PoC/disclosures. Multiple sources describe the root cause as improper filt...

CVE-2025-10358 Wavlink WL-WN578W2 wireless.cgi sub_404850 os command injection

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...

CVE-2025-10358 Wavlink WL-WN578W2 wireless.cgi sub_404850 os command injection

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...

Wavlink WL-WN578W2 操作系统命令注入漏洞

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An operating system command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter deletelist in the function sub404850 in the file /cgi-bin/wireless.cgi that fails to correctly...

Wavlink WL-WN578W2 操作系统命令注入漏洞

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. The Wavlink WL-WN578W2 221110 version has an operating system command injection vulnerability, which originates from the parameter macAddr in the sub404DBC function of the file /cgi-bin/wireless.cgi that fails to correctly filter...

PT-2025-37366

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A security issue has been identified in Wavlink WL-WN578W2. Manipulation of the delete list argument in the /cgi-bin/wireless.cgi file’s sub 404850 function can lead to operating system command...

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...