A vulnerability classified as critical was found in Wavlink NU516U1 240425 . The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi . Executing a manipulation of the argument ipaddr can lead to os command injection. This vulnerability is handled as CVE-2026-8230 . The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure.