CVE-2026-8227 MEDIUM

CVE-2026-8227: Wavlink NU516U1 adm.cgi wzdapMesh os command injection

Vendor Wavlink

Product NU516U1

Weakness CWE-78

Published May 10, 2026

Last update May 11, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.

Key dates

02Disclosure timeline

May 10, 2026 CVE published

May 11, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-8227

Related vulnerabilities

CVE-2026-8227: Wavlink NU516U1 adm.cgi wzdapMesh os command injection

01Description

02Disclosure timeline

03References

04Related CVE