A vulnerability described as critical has been identified in Wavlink NU516U1 240425 . Impacted is the function advance of the file /cgi-bin/wireless.cgi . Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. This vulnerability is traded as CVE-2026-8228 . The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure.