CVE-2026-2567
Published: 16 February 2026
Summary
CVE-2026-2567 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Wavlink Wl-Nu516U1 Firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.
Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.
Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.
Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing /cgi-bin/nas.cgi web endpoint enables remote code execution (even with PR:H auth), matching T1190 Exploit Public-Facing Application.
NVD Description
A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now…
more
public and may be used.
Deeper analysisAI
CVE-2026-2567 is a stack-based buffer overflow vulnerability affecting the Wavlink WL-NU516U1 firmware version 20251208. The flaw exists in the sub_401218 function of the /cgi-bin/nas.cgi file and is triggered by manipulating the User1Passwd argument. Published on 2026-02-16, it carries a CVSS 3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and maps to CWEs 119, 121, and 787.
The vulnerability enables remote exploitation by attackers with high privileges, such as authenticated users with administrative access. Low attack complexity and no user interaction are required, allowing attackers to achieve high impacts on confidentiality, integrity, and availability, potentially resulting in arbitrary code execution through the buffer overflow. A public exploit is available for use.
Advisories and further details are documented on VulDB at https://vuldb.com/?ctiid.346174, https://vuldb.com/?id.346174, and https://vuldb.com/?submit.752016. A proof-of-concept exploit is publicly hosted on GitHub at https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/nas.cgi_User1Passwd.md.
Details
- CWE(s)