CVE-2026-13538
MediumCVSS 6.3Exploitation Probability (EPSS)
Elevated risk67th percentile — higher than 67% of all known CVEs
Summary
A command injection vulnerability was found in Wavlink WL-NU516U1-A firmware version M16U1_V240425. The issue is in the sub_401D68 function of the /cgi-bin/wireless.cgi file, where the SSID2G2, SSID5G2, AuthMethod2, and WPAPSK12 parameters are improperly handled. Remote exploitation is possible, and the exploit has been publicly disclosed.
Risk Assessment
The organization is at risk of remote takeover of the Wavlink device, which could lead to network compromise, data interception, or use of the device as an entry point for further attacks.
Recommendation
Immediately update the Wavlink WL-NU516U1-A firmware to the latest version released by the vendor, which fixes this vulnerability. Until the update is applied, restrict access to the device management interface to trusted IP addresses only.
Original NVD description (English source)
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1_V240425. The affected element is the function sub_401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

