A critical out-of-bounds write vulnerability in Wavlink NU516U1 routers allows remote attackers to execute arbitrary code and gain full control over the device.

This flaw exists within the sub_401A10 function of the /cgi-bin/login.cgi file. A remote, unauthenticated attacker can manipulate the ipaddr argument to trigger an out-of-bounds write, leading to memory corruption and potential code execution.

A successful exploit allows an external actor to gain unauthorized access to the router’s operating system. This could result in the interception of network traffic, credential theft, or the recruitment of the device into a botnet. The CVSS score of 9.8 reflects the critical nature of this vulnerability due to its remote exploitability and the availability of public exploit code.

Immediate Action: Update the router firmware to the latest version provided by Wavlink immediately, as a fix has been professionally released.

Proactive Monitoring: Monitor network traffic for unusual outbound connections and review device logs for suspicious activity originating from the /cgi-bin/login.cgi endpoint.

Compensating Controls: Restrict access to the router’s web management interface from the public internet using a firewall or VPN to minimize the attack surface.

Public Exploit Available: true

The severity of this vulnerability, combined with the availability of a public exploit, necessitates immediate remediation. Administrators should verify the firmware version of all Wavlink NU516U1 devices and apply the vendor-provided patch without delay to prevent unauthorized remote access.