Wavlink Security Vulnerabilities (CVEs)
Track 79 security vulnerabilities affecting Wavlink products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE-2026-2615 is a command injection vulnerability in Wavlink WL-NU516U1 routers that allows remote attackers to execute arbitrary commands on af...
Feb 17, 2026This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-WN579A3 routers by exploiting command injection in the AddMac f...
Feb 16, 2026This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-WN579A3 routers by exploiting a command injection flaw in the D...
Feb 16, 2026This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-WN579A3 routers by manipulating the 'key' parameter in the logi...
Feb 16, 2026This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 devices by exploiting a command injection flaw in the fire...
Sep 25, 2025This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers by injecting malicious input into the mac_5g param...
Sep 25, 2025This CVE describes a command injection vulnerability in Wavlink NU516U1 routers running firmware version M16U1_V240425. Attackers can remotely execute...
Sep 25, 2025This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers by exploiting a command injection flaw in the fire...
Sep 25, 2025This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers by injecting malicious input into the DeleteMac pa...
Sep 25, 2025This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers by manipulating the delete_list parameter in the D...
Sep 25, 2025This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers by injecting malicious commands through the macAdd...
Sep 25, 2025This CVE describes an OS command injection vulnerability in Wavlink WL-NU516U1 routers that allows remote attackers to execute arbitrary commands on a...
Sep 22, 2025This CVE describes a remote command injection vulnerability in Wavlink WL-WN578W2 routers. Attackers can execute arbitrary operating system commands b...
Sep 13, 2025This CVE describes a command injection vulnerability in Wavlink WL-WN578W2 routers that allows remote attackers to execute arbitrary commands on affec...
Sep 12, 2025This vulnerability in Wavlink WL-WN578W2 routers allows remote attackers to access sensitive information through the /live_online.shtml file. The flaw...
Sep 12, 2025This vulnerability in Wavlink WL-WN578W2 routers allows attackers to remotely exploit weak password recovery mechanisms via the /sysinit.html file. At...
Sep 12, 2025This vulnerability allows attackers to execute arbitrary commands on Wavlink WN535K3 routers by sending specially crafted requests to the set_sys_cmd ...
Sep 2, 2025This CVE describes a command injection vulnerability in Wavlink WN535K3 routers that allows attackers to execute arbitrary system commands by manipula...
Sep 2, 2025This CVE describes a command injection vulnerability in Wavlink WN535K3 routers that allows attackers to execute arbitrary system commands by manipula...
Jul 14, 2025This CVE describes a critical command injection vulnerability in Wavlink WL-WN579A3 routers that allows attackers to execute arbitrary commands on aff...
May 20, 2025This CVE describes a critical command injection vulnerability in the Wavlink WL-WN579A3 router's QoS configuration interface. Attackers can execute ar...
May 20, 2025This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers by exploiting configuration injection in the...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending specially crafted HTTP requests that ...
Jan 14, 2025This vulnerability allows authenticated attackers to bypass permissions and inject malicious configuration into the FTP settings of Wavlink AC3000 rou...
Jan 14, 2025This vulnerability allows authenticated attackers to bypass permissions and inject configuration parameters in Wavlink AC3000 routers. Attackers can m...
Jan 14, 2025This vulnerability allows authenticated attackers to bypass permissions and inject configuration commands via the ftp_port parameter in Wavlink AC3000...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers by exploiting configuration injection in the...
Jan 14, 2025This CVE describes multiple OS command injection vulnerabilities in the Wavlink AC3000 router's web interface. Authenticated attackers can execute arb...
Jan 14, 2025This CVE describes multiple command injection vulnerabilities in the Wavlink AC3000 router's nas.cgi add_dir() functionality. An authenticated attacke...
Jan 14, 2025This directory traversal vulnerability in Wavlink AC3000 routers allows authenticated attackers to bypass file permissions and access restricted direc...
Jan 14, 2025This CVE describes multiple buffer overflow vulnerabilities in the Wavlink AC3000 router's internet.cgi set_qos() function. An authenticated attacker ...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending specially crafted HTTP requests that ...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending a specially crafted HTTP request that...
Jan 14, 2025This critical vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on Wavlink AC3000 routers by sending speci...
Jan 14, 2025This CVE describes multiple OS command injection vulnerabilities in the Wavlink AC3000 router's internet.cgi functionality. An authenticated attacker ...
Jan 14, 2025This CVE describes multiple OS command injection vulnerabilities in Wavlink AC3000 routers that allow authenticated attackers to execute arbitrary com...
Jan 14, 2025This vulnerability allows remote attackers to execute arbitrary commands on Wavlink AC3000 routers by sending specially crafted HTTP requests. Attacke...
Jan 14, 2025A critical static login vulnerability in Wavlink AC3000 routers allows unauthenticated remote attackers to gain root access by sending specially craft...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers by exploiting a stack-based buffer overflow ...
Jan 14, 2025A buffer overflow vulnerability in the Wavlink AC3000 router's adm.cgi set_wzap() function allows authenticated attackers to execute arbitrary code vi...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Wavlink AC3000 routers through the nas.cgi interfa...
Jan 14, 2025This CVE describes an authenticated OS command injection vulnerability in the Wavlink AC3000 router's firewall.cgi functionality. Attackers with valid...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers by sending specially crafted HTTP requests t...
Jan 14, 2025This vulnerability allows attackers to perform man-in-the-middle attacks to push arbitrary firmware updates to Wavlink AC3000 routers. Attackers can c...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending a specially crafted HTTP request that...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending a specially crafted HTTP request that...
Jan 14, 2025A buffer overflow vulnerability in the Wavlink AC3000 router's adm.cgi component allows authenticated attackers to execute arbitrary code via crafted ...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending a specially crafted HTTP request that...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers via a buffer overflow in the usbip.cgi component...
Jan 14, 2025This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers via a crafted HTTP request to the qos.cgi en...
Jan 14, 2025Why Monitor Wavlink Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 79+ known vulnerabilities affecting Wavlink products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Wavlink packages in under 60 seconds. No agents required - completely agentless scanning that works across Wavlink deployments.
Free vulnerability database: Access detailed information about every Wavlink CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Wavlink CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
