CVE-2026-13538 | Wavlink WL-NU516U1-A M16U1_V240425 POST Parameter /cgi-bin/wireless.cgi sub_401D68 SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 command injection
A vulnerability has been found in Wavlink WL-NU516U1-A M16U1_V240425 and classified as critical. The affected element is the function sub_401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection.
This vulnerability is registered as CVE-2026-13538. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The affected component should be upgraded.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.VulDB Recent EntriesRead More