CVE-2026-4861

A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available t...

CVE-2026-2567 Wavlink WL-NU516U1 nas.cgi sub_401218 stack-based overflow

A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now publi...

CVE-2026-2567

CVE-2026-2567 affects the Wavlink WL-NU516U1 with firmware 20251208. The vulnerability is in the CGI handler /cgi-bin/nas.cgi, function sub_401218, where manipulating the User1Passwd argument causes a stack-based buffer overflow. This can be triggered remotely and the exploit is public. Impact as...

WAVLINK WL-NU516U1 缓冲区错误漏洞

WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The Wavlink WL-NU516U1 20251208 version contains a buffer error vulnerability. This vulnerability stems from incorrect handling of the parameter User1Passwd in the file/cgi-bin/nas.cgi, which may lead to a stack buffe...

The vulnerability of the set_ftp_cfg() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the setftpcfg function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to errors in system configuration or settings. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by...

The vulnerability of the add_dir() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the adddir function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to bypass existing security...

The vulnerability of the set_ftp_cfg() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the setftpcfg function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to errors in system configuration or settings. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by sending...

The vulnerability of the add_dir() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the adddir function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sendi...

PT-2025-2546 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A vulnerability exists in the set nas function of nas.cgi, allowing for external configuration control. This can be exploited through a specially crafted HTTP request, potentially leading...