CVE-2025-10961 | Wavlink NU516U1 M16U1_V240425 Delete_Mac_list Page /cgi-bin/wireless.cgi sub_4030C0 delete_list command injection
A vulnerability was found in Wavlink NU516U1 M16U1_V240425. It has been declared as critical. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection.
This vulnerability appears as CVE-2025-10961. The attacker needs to be present on the local network. There is no available exploit.
The vendor was contacted early about this disclosure but did not respond in any way.