A vulnerability marked as critical has been reported in Wavlink NU516U1 240425 . This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi . This manipulation causes os command injection. This vulnerability appears as CVE-2026-8227 . The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure.