{"api_version":"1","generated_at":"2026-07-16T13:22:52+00:00","cve":"CVE-2026-15513","urls":{"html":"https://cve.report/CVE-2026-15513","api":"https://cve.report/api/cve/CVE-2026-15513.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-15513","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-15513"},"summary":{"title":"Wavlink WL-NU516U1 adm.cgi wlink_uci_set_value os command injection","description":"A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-07-13 00:16:47","updated_at":"2026-07-13 16:57:56"},"problem_types":["CWE-77","CWE-78","CWE-78 OS Command Injection","CWE-77 Command Injection"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"2.1","severity":"LOW","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","data":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","data":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"6.5","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"6.5","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","data":{"baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","version":"2.0"}}],"references":[{"url":"https://github.com/0xcc12138/wavlink-nu516u1-csrf-command-injection-","name":"https://github.com/0xcc12138/wavlink-nu516u1-csrf-command-injection-","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/377842","name":"https://vuldb.com/vuln/377842","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/377842/cti","name":"https://vuldb.com/vuln/377842/cti","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin","name":"https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/cve/CVE-2026-15513","name":"https://vuldb.com/cve/CVE-2026-15513","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/submit/847517","name":"https://vuldb.com/submit/847517","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-15513","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-15513","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Wavlink","product":"WL-NU516U1","version":"affected 260515","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-07-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-07-12T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-07-12T08:31:31.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"0xcc12138 (VulDB User)","lang":"en"},{"source":"CNA","value":"VulDB CNA Team","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"15513","cve":"CVE-2026-15513","epss":"0.014220000","percentile":"0.697620000","score_date":"2026-07-14","updated_at":"2026-07-15 00:14:56"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-15513","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-13T15:24:03.623706Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-13T15:24:17.623Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*"],"product":"WL-NU516U1","vendor":"Wavlink","versions":[{"status":"affected","version":"260515"}]}],"credits":[{"lang":"en","type":"reporter","value":"0xcc12138 (VulDB User)"},{"lang":"en","type":"coordinator","value":"VulDB CNA Team"}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}],"metrics":[{"cvssV4_0":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.1"}},{"cvssV3_0":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.0"}},{"cvssV2_0":{"baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"OS Command Injection","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-77","description":"Command Injection","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-12T23:30:15.048Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-377842 | Wavlink WL-NU516U1 adm.cgi wlink_uci_set_value os command injection","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/377842"},{"name":"VDB-377842 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/377842/cti"},{"name":"CVE-2026-15513 | CVE Analysis and Report","tags":["third-party-advisory"],"url":"https://vuldb.com/cve/CVE-2026-15513"},{"name":"Submit #847517 | WAVLINK NU516U1 M16U1_V260515 OS Command Injection","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/847517"},{"tags":["exploit"],"url":"https://github.com/0xcc12138/wavlink-nu516u1-csrf-command-injection-"},{"tags":["patch"],"url":"https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin"}],"timeline":[{"lang":"en","time":"2026-07-12T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-07-12T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-07-12T08:31:31.000Z","value":"VulDB entry last update"}],"title":"Wavlink WL-NU516U1 adm.cgi wlink_uci_set_value os command injection"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-15513","datePublished":"2026-07-12T23:30:15.048Z","dateReserved":"2026-07-12T06:26:27.054Z","dateUpdated":"2026-07-13T15:24:17.623Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-13 00:16:47","lastModifiedDate":"2026-07-13 16:57:56","problem_types":["CWE-77","CWE-78","CWE-78 OS Command Injection","CWE-77 Command Injection"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:24:03.623706Z","id":"CVE-2026-15513","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"15513","Ordinal":"1","Title":"Wavlink WL-NU516U1 adm.cgi wlink_uci_set_value os command inject","CVE":"CVE-2026-15513","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"15513","Ordinal":"1","NoteData":"A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.","Type":"Description","Title":"Wavlink WL-NU516U1 adm.cgi wlink_uci_set_value os command inject"}]}}}