A vulnerability identified as critical has been detected in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection.

This vulnerability is identified as CVE-2026-15513. The attack can be initiated remotely. Additionally, an exploit exists.

You should upgrade the affected component.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.