CVE-2025-10961 | Wavlink NU516U1 M16U1_V240425 Delete_Mac_list Page /cgi-bin/wireless.cgi sub_4030C0 delete_list command injection

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. It has been declared as critical. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection.

This vulnerability appears as CVE-2025-10961. The attacker needs to be present on the local network. There is no available exploit.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More