CVE-2025-10323 is a command injection vulnerability identified in the Wavlink WL-WN578W2 wireless router, specifically in firmware version 221110. The vulnerability resides in the function sub_409184 within the /wizard_rep.shtml file. It is triggered by manipulating the 'sel_EncrypTyp' argument, which allows an attacker to inject arbitrary commands that the device executes. This vulnerability is remotely exploitable without requiring authentication or user interaction, making it particularly dangerous. The CVSS 4.0 base score is 6.9, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact affects confidentiality, integrity, and availability at a low level (VC:L, VI:L, VA:L). The vendor has been contacted but has not responded or provided a patch, and while an exploit has been publicly disclosed, there are no known exploits actively used in the wild yet. This vulnerability could allow attackers to execute arbitrary commands on the device, potentially leading to device takeover, network reconnaissance, or pivoting attacks within the local network. The lack of vendor response and patch availability increases the risk for users of this device.

For European organizations, this vulnerability poses a significant risk especially for those using Wavlink WL-WN578W2 routers in their network infrastructure. Exploitation could lead to unauthorized control over the device, enabling attackers to intercept or manipulate network traffic, disrupt network availability, or use the compromised device as a foothold for further attacks within the corporate network. Small and medium enterprises (SMEs) and home office setups that rely on this router model are particularly vulnerable due to typically weaker network segmentation and security monitoring. The potential impact includes data breaches, loss of network service, and lateral movement by attackers targeting sensitive systems. Given the remote exploitability without authentication, attackers can scan for vulnerable devices across the internet or local networks, increasing the attack surface. The absence of a vendor patch means organizations must rely on mitigations and alternative protective measures until an official fix is released.

1. Immediate mitigation should include isolating the affected Wavlink WL-WN578W2 devices from critical network segments to limit potential lateral movement. 2. Disable remote management interfaces or restrict access to trusted IP addresses only, reducing exposure to remote exploitation. 3. Monitor network traffic for unusual command execution patterns or unexpected outbound connections originating from the router. 4. If possible, replace the affected device with a different router model from a vendor with timely security support. 5. Employ network segmentation and firewall rules to limit the router's ability to communicate with sensitive internal systems. 6. Regularly scan the network for devices running the vulnerable firmware version and maintain an inventory to track affected assets. 7. Stay alert for vendor updates or community-developed patches and apply them promptly once available. 8. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability's exploitation attempts.