CVE-2025-10321 is a medium-severity information disclosure vulnerability affecting the Wavlink WL-WN578W2 wireless router, specifically version 221110. The flaw resides in an unspecified function within the /live_online.shtml file, which is part of the device's web interface. An attacker can remotely exploit this vulnerability without requiring authentication or user interaction, by sending crafted requests to the affected endpoint. Successful exploitation results in unauthorized disclosure of sensitive information, which could include configuration details, network information, or other data exposed by the vulnerable web page. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a moderate risk primarily due to its remote exploitability and lack of required privileges, but limited impact on integrity or availability. The vendor, Wavlink, was notified early but has not issued a response or patch, and while a public exploit exists, there are no confirmed reports of active exploitation in the wild at this time. This lack of vendor response increases the risk for users of this device, as no official remediation is currently available.

For European organizations using the Wavlink WL-WN578W2 router, this vulnerability poses a risk of sensitive information leakage that could aid attackers in further compromising network security. Information disclosed might include network configurations, device status, or credentials, which could facilitate lateral movement, targeted attacks, or unauthorized access to internal resources. Small and medium enterprises (SMEs) and home office setups relying on this device without additional security layers are particularly vulnerable. The impact is heightened in environments where network segmentation or monitoring is limited. Although the vulnerability does not directly allow code execution or denial of service, the information disclosure can be a stepping stone for more severe attacks. Given the lack of vendor patching, European organizations must consider the risk of prolonged exposure, especially in sectors with sensitive data such as finance, healthcare, and critical infrastructure.

Since no official patch is available, European organizations should implement compensating controls immediately. These include isolating the affected device from untrusted networks, restricting remote management access via firewall rules or VPNs, and disabling remote web administration if possible. Network monitoring should be enhanced to detect unusual HTTP requests targeting /live_online.shtml or other suspicious activity. Organizations should consider replacing the Wavlink WL-WN578W2 router with a more secure and actively supported device. If replacement is not feasible, deploying network segmentation to limit the router's exposure and using intrusion detection/prevention systems to block exploit attempts is recommended. Regularly reviewing device firmware updates from Wavlink is essential in case a patch is released. Additionally, educating users about the risks and encouraging strong network security hygiene will help mitigate potential exploitation.