Vulnerability Description
A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wavlink | Wl-Wn578W2 Firmware | m78w2_v221110 |
| Wavlink | Wl-Wn578W2 | - |
Related Weaknesses (CWE)
References
- https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/DExploitThird Party Advisory
- https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/DExploitThird Party Advisory
- https://vuldb.com/?ctiid.323772Permissions RequiredVDB Entry
- https://vuldb.com/?id.323772Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.643438Third Party AdvisoryVDB Entry
- https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/DExploitThird Party Advisory
- https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/DExploitThird Party Advisory
FAQ
What is CVE-2025-10358?
CVE-2025-10358 is a vulnerability with a CVSS score of 7.3 (HIGH). A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to o...
How severe is CVE-2025-10358?
CVE-2025-10358 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-10358?
Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wl-Wn578W2 Firmware, Wavlink Wl-Wn578W2.