A vulnerability has been found in Wavlink WL-NU516U1-A M16U1_V240425 and classified as critical . The affected element is the function sub_401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler . This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. This vulnerability is registered as CVE-2026-13538 . Remote exploitation of the attack is possible. Furthermore, an exploit is available. The affected component should be upgraded.