Vulnerability Database

296,213

Total vulnerabilities in the database

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

  • Published: Aug 19, 2025
  • Updated: Aug 20, 2025
  • CVE: CVE-2025-9149
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWEs:

OWASP TOP 10:

No affected software listed.