PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8192 Vuldb CVE debrief

CVE-2026-8192 is a reported command-injection flaw in Wavlink NU516U1 M16U1_V240425, affecting the wzdap function in /cgi-bin/adm.cgi. The supplied disclosure says attacker-controlled EncrypType/wl_Pass input can lead to OS command injection, that the attack may be initiated remotely, and that a public exploit has been released. Even though the published severity is low, exposed devices should be reviewed promptly because remote reachability plus public exploit availability can increase real-world risk.

Vendor
Vuldb
Product
Unknown
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-09
Original CVE updated
2026-05-09
Advisory published
2026-05-09
Advisory updated
2026-05-09

Who should care

Administrators and security teams responsible for Wavlink NU516U1 M16U1_V240425 devices, especially if the web management interface is reachable from untrusted networks. Internet-exposed appliances and environments that rely on these devices for edge connectivity should treat this as a priority review item.

Technical summary

The source description reports unsafe handling of attacker-controlled EncrypType/wl_Pass input in the wzdap function of /cgi-bin/adm.cgi, resulting in OS command injection. The CNA metadata associated with the NVD record classifies the issue under CWE-77 and CWE-78. The record was received by NVD on 2026-05-09, and the supplied description states that the vendor was contacted early and that a public exploit exists.

Defensive priority

Medium. The published CVSS severity is low, but the issue is described as remotely reachable and publicly exploitable. Prioritize validation and mitigation for any device that is exposed to the internet or accessible from less-trusted networks.

Recommended defensive actions

  • Identify whether any Wavlink NU516U1 M16U1_V240425 devices are deployed in your environment.
  • Check whether the management interface at /cgi-bin/adm.cgi is reachable from the internet or broad internal networks.
  • Restrict administrative access to trusted management networks only, and remove unnecessary external exposure.
  • Apply the vendor's remediation guidance or firmware updates once available through official channels.
  • If you cannot patch immediately, disable or tightly firewall the affected management interface and monitor for suspicious web-admin activity.
  • Review logs and configuration changes for signs of unexpected command execution or unauthorized admin actions.
  • Treat any public-facing instance as higher risk because the supplied disclosure notes a public exploit.

Evidence notes

All statements above are limited to the supplied source corpus and the linked official/reference records. The NVD-sourced metadata shows the CVE as received on 2026-05-09 with CNA references to a GitHub writeup and Vuldb pages. The provided description explicitly names Wavlink NU516U1 M16U1_V240425, the /cgi-bin/adm.cgi wzdap function, attacker-controlled EncrypType/wl_Pass input, remote attack potential, and public exploit availability. No KEV entry was supplied.

Official resources

Public disclosure was reflected in the supplied NVD-received record on 2026-05-09. The provided description says the vendor was contacted early and that a public exploit has been released.