CVE-2026-2565
MEDIUMWavlink WL-NU516U1 20251208 - Buffer Overflow
Title source: llmDescription
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Scores
CVSS v3
6.6
EPSS
0.0003
EPSS Percentile
8.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-121
CWE-119
Status
published
Affected Products (1)
wavlink/wl-nu516u1_firmware
< 2025-12-08
Timeline
Published
Feb 16, 2026
Tracked Since
Feb 18, 2026