CVE-2025-10358 is a security vulnerability identified in the Wavlink WL-WN578W2 wireless router, specifically in firmware version 221110. The vulnerability exists in the /cgi-bin/wireless.cgi script, within the function sub_404850. It arises from improper handling of the 'delete_list' argument, which can be manipulated to perform OS command injection. This means an attacker can remotely execute arbitrary operating system commands on the affected device without any authentication or user interaction. The vulnerability is remotely exploitable over the network, making it a significant risk for exposed devices. The vendor has been notified but has not responded or issued a patch, and while no known exploits are currently observed in the wild, public disclosure of the exploit code increases the risk of exploitation. The CVSS v4.0 base score is 6.9, indicating a medium severity level, with attack vector network, low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. The vulnerability could allow attackers to gain control over the device, potentially leading to further network compromise, data interception, or disruption of network services.

For European organizations using the Wavlink WL-WN578W2 router with the affected firmware, this vulnerability poses a tangible risk. Successful exploitation could lead to unauthorized control over network infrastructure, enabling attackers to intercept or manipulate internal communications, launch further attacks within the network, or disrupt connectivity. This is particularly critical for small and medium enterprises or branch offices that rely on consumer-grade routers without advanced security controls. The lack of vendor response and patch availability increases exposure time. Additionally, if these devices are deployed in critical infrastructure sectors or government offices, the impact could extend to sensitive data breaches or operational disruptions. Given the remote exploitability without authentication, attackers can scan for vulnerable devices across Europe and compromise them en masse, potentially creating botnets or launching targeted attacks.

Immediate mitigation steps include isolating the affected Wavlink WL-WN578W2 devices from public internet access by placing them behind firewalls or VPNs to restrict remote access to the management interface. Network administrators should disable remote management features if enabled. Monitoring network traffic for unusual command execution patterns or unexpected outbound connections from these devices is advised. Since no official patch is available, consider replacing affected devices with models from vendors with active security support. If replacement is not feasible, applying custom firmware or third-party security patches (if available and trustworthy) could be an option. Regularly audit network devices for firmware versions and maintain an inventory to quickly identify vulnerable units. Finally, educate staff on the risks of using consumer-grade routers in sensitive environments and enforce strict network segmentation to limit potential lateral movement from compromised devices.