CVE-2026-2566:

Overview

A critical security flaw has been identified in specific Wavlink wireless range extender models. This vulnerability allows a remote attacker to send specially crafted data to the device, which can cause a system crash or potentially allow the attacker to take control of the device.

Vulnerability Details

The vulnerability exists in the administrative web interface (/cgi-bin/adm.cgi) of the affected Wavlink devices. A specific function responsible for handling firmware update URLs does not properly validate the length of user-supplied input. By supplying an overly long web address (URL) in a network request, an attacker can overflow a memory buffer on the device. This type of flaw is known as a stack-based buffer overflow.

Because the vulnerable interface is accessible over the network, the attack can be performed remotely without any prior authentication.

Affected Products

• Wavlink WL-NU516U1 (AC1200 Dual Band WiFi Range Extender) with firmware version 130/260 and earlier versions.

Potential Impact

If successfully exploited, this vulnerability could allow an attacker to:

• Disrupt Service: Crash the device, causing a denial-of-service for connected users.
• Execute Arbitrary Code: Potentially run malicious code on the device with full system privileges.
• Compromise the Network: Use the compromised device as a foothold to launch further attacks on other devices within the local network.

A functional exploit for this vulnerability has been made publicly available, increasing the risk of active attacks.

Remediation and Mitigation

As the vendor has not provided an official patch or response, the following actions are strongly recommended:

1. Isolate Affected Devices: Immediately remove the affected Wavlink range extenders from critical network segments. Place them on a segregated guest or IoT network to limit potential lateral movement if compromised.
2. Monitor for Updates: Regularly check the official Wavlink support website for firmware updates addressing CVE-2026-2566. Apply any available patch immediately upon release.
3. Restrict Access: If the device must remain in service, use firewall rules to block all external WAN (internet) access to its web administration interface (typically ports 80/HTTP and 443/HTTPS). Ensure it is only accessible from trusted, internal management networks if remote management is absolutely necessary.
4. Consider Replacement: Given the lack of vendor response and the high severity of the flaw, organizations should evaluate replacing affected hardware with a product from a vendor that provides active security support and timely patches.