CVE-2025-10963 Wavlink NU516U1 firewall.cgi sub_4016F0 command injection

A security flaw has been discovered in Wavlink NU516U1 M16U1V240425. Affected is the function sub4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument delflag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2025-10959

The CVE-2025-10959 affects Wavlink NU516U1 M16U1_V240425, with the vulnerability located in the /cgi-bin/firewall.cgi file, specifically the sub_401778 function where manipulation of the dmz_flag argument enables remote command injection. The issue is exploitable over the network with low attack ...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China Ruiyin Wavlink. A command injection vulnerability exists in the Wavlink NU516U1 M16U1V240425, which originates from a misbehavior of the function sub4016F0 in the file /cgi-bin/firewall.cgi with respect to the parameter delflag, which could le...

PT-2025-39441

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 Description A security flaw exists in the Wavlink NU516U1 M16U1 V240425. The issue is due to command injection in the /cgi-bin/firewall.cgi file, specifically within the sub 4016F0 function. Manipulation of the de...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China RuiYin Wavlink Company. A command injection vulnerability exists in the Wavlink NU516U1, which originates from the incorrect operation of the function sub401B30 in the file /cgi-bin/firewall.cgi on the parameter remoteManagementEnabled, which...

Wavlink WL-WN578W2 sub_401C5C function command injection vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. Wavlink WL-WN578W2 221110 version exists a command injection vulnerability, the vulnerability stems from the parameter pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled of the function...

CVE-2025-10324

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initia...

CVE-2025-10324

CVE-2025-10324 affects Wavlink WL-WN578W2 (firmware variant 221110). The vulnerability resides in the firewall.cgi file, within the sub_401C5C function, where manipulating the arguments pingFrmWANFilterEnabled, blockSynFloodEnabled, blockPortScanEnabled, or remoteManagementEnabled enables arbitra...

CVE-2025-10324 Wavlink WL-WN578W2 firewall.cgi sub_401C5C command injection

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initia...

Wavlink WL-WN578W2 命令注入漏洞

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. Wavlink WL-WN578W2 221110 version exists a command injection vulnerability, the vulnerability stems from the parameter pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled of the function...

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire version 2.29 that stems from firewall.cgi not cleaning up multiple rule parameters, which could lead to a stored cross-site scripting...

CVE-2025-44882

A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...

WAVLINK WL-WN579A3 安全漏洞

WAVLINK WL-WN579A3 is a high performance dual-band wireless card from China RuiYin WAVLINK. The WAVLINK WL-WN579A3 suffers from a command injection vulnerability that originates from unfiltered input in the /cgi-bin/firewall.cgi component, which can be exploited by an attacker to submit a special...

CVE-2024-39367

An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

PT-2025-2543 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun functionality. This allows an attacker to execute arbitrary code by making a specially crafted HTTP...

CVE-2024-10428

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function setipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The...

CVE-2024-10428 WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function setipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The...

WAVLINK多款产品 命令注入漏洞

WAVLINK WN530HG4 and others are products of China RuiYin WAVLINK Company.WAVLINK WN530HG4 is a wireless router.WAVLINK WN530H4 is a router.WAVLINK WN572HG3 is a wireless router. A command injection vulnerability exists in several WAVLINK products. The vulnerability stems from the parameter...

CVE-2022-35521

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /mansecurity.shtml...

Command injection

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /mansecurity.shtml...