Description
A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-06-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wavlink WL-NU516U1-A firmware contains a stack-based buffer overflow in the wireless.cgi subroutine that processes the Guest_ssid POST parameter. By sending a specially crafted Guest_ssid value, an attacker can overflow the stack and potentially execute arbitrary code. The vulnerability is exploitable from outside the local network and a public exploit exists, indicating that attackers can target devices without physical access.

Affected Systems

The vulnerability affects the Wavlink WL-NU516U1-A model, specifically firmware version M16U1_V240425. Administrators should verify if their deployment runs this firmware and whether the device is exposed to the Internet.

Risk and Exploitability

The CVSS score of 8.7 classifies this issue as high severity, and the lack of an EPSS score does not diminish the known existence of a publicly available exploit. Because the vulnerability is remotely exploitable, it offers a straightforward attack path for external adversaries. It is not listed in the CISA KEV catalog but should still be treated with urgency. The CWE identifiers CWE-119 and CWE-121 further highlight the risk of uncontrolled memory writes and stack corruption.

Generated by OpenCVE AI on June 29, 2026 at 08:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest firmware released by Wavlink that resolves the wireless.cgi stack corruption.
  • If an immediate firmware upgrade is not possible, restrict external access to the Guest_ssid POST endpoint by applying firewall rules or disabling the guest SSID feature until a patch can be applied.
  • Enable logging and monitor for abnormal Guest_ssid activity to detect exploitation attempts.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 07:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Title | | Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow
First Time appeared | | Wavlink; Wavlink wl-nu516u1-a
Weaknesses | | CWE-119; CWE-121
CPEs | | cpe:2.3:a:wavlink:wl-nu516u1-a:*:*:*:*:*:*:*:*
Vendors & Products | | Wavlink; Wavlink wl-nu516u1-a
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C'}
Metrics | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}
Metrics | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T14:52:41.292Z

Reserved: 2026-06-28T10:01:38.197Z

Link: CVE-2026-13539

Vulnrichment

Updated: 2026-06-29T14:13:42.475Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T11:00:05Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow