{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2567", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-15T19:40:10.069Z", "datePublished": "2026-02-16T17:32:05.929Z", "dateUpdated": "2026-02-23T10:13:10.511Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:13:10.511Z"}, "title": "Wavlink WL-NU516U1 nas.cgi sub_401218 stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Wavlink", "product": "WL-NU516U1", "versions": [{"version": "20251208", "status": "affected"}], "cpes": ["cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-20T10:46:00.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "haimianbaobao (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346174", "name": "VDB-346174 | Wavlink WL-NU516U1 nas.cgi sub_401218 stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346174", "name": "VDB-346174 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.752016", "name": "Submit #752016 | Wavlink NU516U1 V251208 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/nas.cgi_User1Passwd.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T14:46:06.303604Z", "id": "CVE-2026-2567", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T14:46:34.421Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2567", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-17T14:46:06.303604Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T14:46:29.235Z"}}], "cna": {"title": "Wavlink WL-NU516U1 nas.cgi sub_401218 stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "haimianbaobao (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*"], "vendor": "Wavlink", "product": "WL-NU516U1", "versions": [{"status": "affected", "version": "20251208"}]}], "timeline": [{"lang": "en", "time": "2026-02-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-15T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-20T10:46:00.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346174", "name": "VDB-346174 | Wavlink WL-NU516U1 nas.cgi sub_401218 stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346174", "name": "VDB-346174 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.752016", "name": "Submit #752016 | Wavlink NU516U1 V251208 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/nas.cgi_User1Passwd.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:13:10.511Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2567", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:13:10.511Z", "dateReserved": "2026-02-15T19:40:10.069Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-16T17:32:05.929Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "422DDC2F-7D66-4EA7-BD8A-FE781A94898D", "versionEndIncluding": "2025-12-08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wl-nu516u1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C697E865-5984-4974-8A11-43CC6940ABFA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en Wavlink WL-NU516U1 20251208. Esta vulnerabilidad afecta la funci\u00f3n sub_401218 del archivo /cgi-bin/nas.cgi. Realizar una manipulaci\u00f3n del argumento User1Passwd resulta en un desbordamiento de b\u00fafer basado en pila. El ataque puede ser iniciado remotamente. El exploit es ahora p\u00fablico y puede ser usado."}], "id": "CVE-2026-2567", "lastModified": "2026-02-18T19:41:03.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-16T18:19:45.217", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/nas.cgi_User1Passwd.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.346174"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.346174"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.752016"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20251208"}}], "product": "wl-nu516u1", "vendor": "wavlink"}], "analysis": {"en": {"generated_at": "2026-04-17T19:00:00.231922+00:00", "value": {"mitigation_remediation": ["Flash a corrected firmware version that addresses the sub_401218 overflow.", "If no firmware update is available, block external HTTP requests to /cgi-bin/nas.cgi or disable the User1Passwd feature through the device\u2019s firewall or web configuration.", "Change the device\u2019s default administrative credentials and monitor logs for unexpected accesses to the User1Passwd parameter."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is the Wavlink WL\u2011NU516U1 network attached storage appliance running firmware version 20251208. The issue resides in the /cgi-bin/nas.cgi component of the device. Users operating that model with the specified firmware are potentially vulnerable. No other vendors or products are listed in the CVE data.", "description_and_impact": "A stack\u2011based buffer overflow was discovered in the sub_401218 function of the Wavlink WL\u2011NU516U1 firmware 20251208. The flaw is triggered by manipulating the User1Passwd argument supplied to the /cgi-bin/nas.cgi CGI script. By overflowing the stack buffer, an attacker can overwrite control data on the stack and potentially execute arbitrary code. The vulnerability is remotely exploitable, meaning only network access to the device is required to send a crafted request.", "risk_and_exploitability": "The CVSS base score of 8.6 indicates high severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Because the flaw allows remote exploitation via HTTP requests, an attacker who can reach the device from outside the local network could potentially gain code execution if the NAS is exposed. The description implies that an attacker would need to supply a specially crafted User1Passwd parameter to trigger the overflow, but no public proof\u2011of\u2011concept is referenced, so the practical exploitability remains somewhat uncertain."}}}}, "created": "2026-02-17T08:49:02.782073+00:00", "updated": "2026-04-17T19:00:11.065983+00:00", "vendors": ["wavlink", "wavlink$PRODUCT$wl-nu516u1"]}