CVE-2026-8192
Received - Intake
Command Injection in Wavlink NU516U1 Router

Publication date: 2026-05-09

Last updated on: 2026-05-09

Assigner: VulDB

Description
A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. The argument EncrypType/wl_Pass is attacker-controlled and passed on directly, so manipulating it results in OS command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
Meta Information
Published: 2026-05-09
Last Modified: 2026-05-09
Generated: 2026-05-10
AI Q&A: 2026-05-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
wavlink | nu516u1 | *
CWE ID | Description
CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability CVE-2026-8192 allows remote code execution on the affected Wavlink device, which can lead to unauthorized access to the device's operating system.

Such unauthorized access could potentially lead to data breaches or unauthorized data manipulation, which may impact compliance with data protection standards and regulations like GDPR or HIPAA.

However, the provided information does not explicitly describe the direct effects on compliance with these standards.


Can you explain this vulnerability to me?

CVE-2026-8192 is a Remote Command Execution (RCE) vulnerability in the Wavlink NU516U1 device, specifically in the wzdap function of the /cgi-bin/adm.cgi file.

The flaw occurs because the parameters EncrypType and wl_Pass are passed directly to the system without proper sanitization, allowing an attacker to inject malicious operating system commands.

For example, an attacker can set EncrypType to a command like 'telnetd -l /bin/sh -p 8892' to start a telnet server on the device, granting shell access remotely.

The attack is performed via a POST request to /cgi-bin/adm.cgi, enabling remote exploitation without user interaction.


How can this vulnerability impact me?

This vulnerability allows an attacker to execute arbitrary commands on the affected device remotely.

Successful exploitation can lead to unauthorized access to the device's operating system, potentially allowing the attacker to control the device, steal data, or use it as a foothold for further attacks within a network.

Because the exploit is publicly available, the risk of attack is increased.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for suspicious POST requests to the endpoint /cgi-bin/adm.cgi that include manipulation of the EncrypType or wl_Pass parameters.

One way to detect exploitation attempts is to look for unusual commands being executed or network activity such as a telnet server running on port 8892, which is used in the proof-of-concept exploit.

  • Use network monitoring tools or intrusion detection systems (IDS) to capture POST requests to /cgi-bin/adm.cgi and inspect the parameters for suspicious values.
  • On the device, check for unexpected processes such as a telnet server running on port 8892: `netstat -an | grep 8892`
  • Check running processes for suspicious commands: `ps aux | grep telnetd`
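
One way to implement the request inspection described above, as an added example (not code from the original page or from the vendor): it parses captured POST requests to /cgi-bin/adm.cgi and flags EncrypType or wl_Pass values that do not look like plain settings. The EncrypType allowlist, the metacharacter set and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/cgi-bin/adm.cgi"
# Assumption: a legitimate EncrypType is a short token (letters, digits, - or _).
ENCRYP_OK = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Characters a shell treats specially. A Wi-Fi password may contain some of
# them legitimately, so wl_Pass hits are leads to triage, not proof.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")

def inspect_request(raw: str) -> list[str]:
    """Return findings for one captured HTTP request (headers + body as text)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return []
    if urlsplit(parts[1]).path != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so an encoded and a literal character match alike.
    form = parse_qs(body.strip(), keep_blank_values=True)
    findings = []
    for value in form.get("EncrypType", []):
        if not ENCRYP_OK.fullmatch(value):
            findings.append(f"EncrypType is not a plain token: {value!r}")
    for value in form.get("wl_Pass", []):
        if SHELL_META.search(value):
            findings.append(f"wl_Pass contains a shell metacharacter: {value!r}")
    return findings

# Constructed sample captures (192.0.2.1 is a documentation address).
HDR = "POST /cgi-bin/adm.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
SAMPLES = [
    HDR + "EncrypType=AES&wl_Pass=Correct-Horse-9",
    # The command string quoted in the explanation above, form-encoded.
    HDR + "EncrypType=telnetd+-l+%2Fbin%2Fsh+-p+8892&wl_Pass=x",
    HDR + "EncrypType=AES&wl_Pass=abc%24%28x%29",
    "GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
]

if __name__ == "__main__":
    for number, sample in enumerate(SAMPLES):
        for finding in inspect_request(sample):
            print(f"request {number}: {finding}")
```
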

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable /cgi-bin/adm.cgi endpoint to trusted networks only.

Disable or block remote access to the device's administrative interface if not needed.

Monitor the device for signs of compromise such as unexpected open ports or running processes.

Apply any available patches or updates from the vendor once released.

As a temporary workaround, consider implementing input validation or filtering on the parameters EncrypType and wl_Pass to prevent command injection.

