{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-13539", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-06-28T10:01:38.197Z", "datePublished": "2026-06-29T05:30:09.451Z", "dateUpdated": "2026-06-29T14:52:41.292Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-29T05:30:09.451Z"}, "title": "Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Wavlink", "product": "WL-NU516U1-A", "versions": [{"version": "M16U1_V240425", "status": "affected"}], "cpes": ["cpe:2.3:a:wavlink:wl-nu516u1-a:*:*:*:*:*:*:*:*"], "modules": ["POST Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-06-28T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-06-28T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-06-28T12:07:03.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JuneGu (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/374547", "name": "VDB-374547 | Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/374547/cti", "name": "VDB-374547 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-13539", "name": "CVE-2026-13539 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/834024", "name": "Submit #834024 | Wavlink WL-NU516U1-A M16U1_V240425 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Svigo-o/Wavlink_vul/tree/main/wavlink-wl-nu516u1-wireless-guestwifi-guestssid-buffer-overflow", "tags": ["exploit"]}, {"url": "https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-29T14:13:41.239265Z", "id": "CVE-2026-13539", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T14:52:41.292Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-13539", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-29T14:13:41.239265Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T14:13:42.475Z"}}], "cna": {"title": "Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "JuneGu (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:wavlink:wl-nu516u1-a:*:*:*:*:*:*:*:*"], "vendor": "Wavlink", "modules": ["POST Parameter Handler"], "product": "WL-NU516U1-A", "versions": [{"status": "affected", "version": "M16U1_V240425"}]}], "timeline": [{"lang": "en", "time": "2026-06-28T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-06-28T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-06-28T12:07:03.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/374547", "name": "VDB-374547 | Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/374547/cti", "name": "VDB-374547 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-13539", "name": "CVE-2026-13539 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/834024", "name": "Submit #834024 | Wavlink WL-NU516U1-A M16U1_V240425 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Svigo-o/Wavlink_vul/tree/main/wavlink-wl-nu516u1-wireless-guestwifi-guestssid-buffer-overflow", "tags": ["exploit"]}, {"url": "https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-29T05:30:09.451Z"}}}, "cveMetadata": {"cveId": "CVE-2026-13539", "state": "PUBLISHED", "dateUpdated": "2026-06-29T14:52:41.292Z", "dateReserved": "2026-06-28T10:01:38.197Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-06-29T05:30:09.451Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "M16U1_V240425"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "WL-NU516U1-A", "source": "cna", "vendor": "Wavlink"}, "product": "wl-nu516u1-a", "vendor": "wavlink"}], "created": "2026-06-29T08:30:05.875639+00:00", "updated": "2026-06-29T11:00:05.335394+00:00", "vendors": ["wavlink", "wavlink$PRODUCT$wl-nu516u1-a"]}