6.3 CVE-2025-9149
Exploit
A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
https://nvd.nist.gov/vuln/detail/CVE-2025-9149
Categories
CWE-74
CWE-77
References
cna@vuldb.com Exploit
| https://github.com/lin-3-start/lin-cve/blob/main/Wavlink/Wavlink.md Exploit Third Party Advisory |
| https://github.com/lin-3-start/lin-cve/blob/main/Wavlink/Wavlink.md#poc Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.320528 Permissions Required VDB Entry |
| https://vuldb.com/?id.320528 Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.629181 Third Party Advisory VDB Entry |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| AND | ||
| cpe:2.3:o:wavlink:wl-nu516u1_firmware:m16u1_v240425:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:* | ||
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| https://github.com/lin-3-start/lin-cve/blob/main/Wavlink/Wavlink.md |
| https://github.com/lin-3-start/lin-cve/blob/main/Wavlink/Wavlink.md#poc |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
