Buffer overflow in Wavlink Wl-nu516u1
CVE-2026-2565
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can b…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.6 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R.
Affected products
- Wavlink Wl-nu516u1 — versions 20251208
Weakness classification (CWE)
References
- VDB-346172 | Wavlink WL-NU516U1 adm.cgi sub_40785C stack-based overflow (vdb-entry, technical-description)
- VDB-346172 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
- Submit #751133 | Wavlink NU516U1 V251208 Stack-based Buffer Overflow (third-party-advisory)
- github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/time_zone.md (exploit)
Frequently asked questions
- What is CVE-2026-2565?
- CVE-2026-2565 is a medium-severity vulnerability in Wavlink Wl-nu516u1, classified under Stack-based Buffer Overflow. CVSS score: 6.6/10. Published 2026-02-16.
- How severe is CVE-2026-2565?
- Medium severity. CVSS v3 base score is 6.6 out of 10.