CVE-2026-15513 | Wavlink WL-NU516U1 260515 /cgi-bin/adm.cgi wlink_uci_set_value lan_ip os command injection (EUVD-2026-43254)
A vulnerability identified as critical has been detected in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection.
This vulnerability is identified as CVE-2026-15513. The attack can be initiated remotely. Additionally, an exploit exists.
You should upgrade the affected component.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.