๐Ÿ” CVE Alert

CVE-2026-13538

MEDIUM 6.3

Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_401D68 command injection

CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1_V240425. The affected element is the function sub_401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CWE CWE-77 CWE-74
Vendor wavlink
Product wl-nu516u1-a
Published Jun 29, 2026
Stay Ahead of the Next One

Get instant alerts for wavlink wl-nu516u1-a

Be the first to know when new medium vulnerabilities affecting wavlink wl-nu516u1-a are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Wavlink / WL-NU516U1-A
M16U1_V240425

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/374546 vuldb.com: https://vuldb.com/vuln/374546/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13538 vuldb.com: https://vuldb.com/submit/834019 vuldb.com: https://vuldb.com/submit/834021 vuldb.com: https://vuldb.com/submit/834022 vuldb.com: https://vuldb.com/submit/834023 github.com: https://github.com/Svigo-o/Wavlink_vul/tree/main/wavlink-wl-nu516u1-wireless-multissid-ssid2g2-command-injection github.com: https://github.com/Svigo-o/Wavlink_vul/tree/main/wavlink-wl-nu516u1-wireless-multissid-ssid5g2-command-injection dl.wavlink.com: https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin

Credits

๐Ÿ” HustBinary (VulDB User) VulDB CNA Team