CVE-2025-10358 is a security vulnerability identified in the Wavlink WL-WN578W2 wireless router, specifically in version 221110. The vulnerability resides in the /cgi-bin/wireless.cgi script, within the function sub_404850. It arises from improper handling of the 'delete_list' argument, which allows an attacker to perform OS command injection. This means that an attacker can craft malicious input to execute arbitrary operating system commands on the device remotely, without requiring any authentication or user interaction. The vulnerability is remotely exploitable over the network (AV:N), with low attack complexity (AC:L), and no privileges or user interaction needed (PR:N/UI:N). The impact on confidentiality, integrity, and availability is low to limited (VC:L/VI:L/VA:L), indicating that while the attacker can execute commands, the scope of damage may be somewhat constrained by the device's environment or built-in protections. The vendor was informed but did not respond or provide a patch, and no known exploits are currently observed in the wild. The CVSS 4.0 base score is 6.9, categorizing it as a medium severity vulnerability. The public disclosure of the exploit code increases the risk of exploitation, especially given the lack of vendor mitigation. The vulnerability affects a specific firmware version, and the attack vector is network-based, making it a significant concern for exposed devices.

For European organizations using the Wavlink WL-WN578W2 router with the affected firmware, this vulnerability poses a tangible risk. Successful exploitation could allow attackers to execute arbitrary commands on the device, potentially leading to unauthorized access to the internal network, interception or manipulation of network traffic, or disruption of network services. This could compromise the confidentiality and integrity of sensitive data transmitted through the network and impact availability if the device is destabilized or taken offline. Small and medium enterprises, home offices, and branch offices relying on this router model without timely firmware updates are particularly vulnerable. The lack of vendor response and patch availability exacerbates the risk, as organizations cannot rely on official fixes. Additionally, the public disclosure of exploit details may attract opportunistic attackers targeting exposed devices in Europe, where Wavlink products have market presence. The impact is heightened in sectors with stringent data protection requirements under GDPR, as exploitation could lead to data breaches and regulatory penalties.

Given the absence of an official patch from the vendor, European organizations should take immediate and specific actions beyond generic advice: 1) Identify and inventory all Wavlink WL-WN578W2 devices running firmware version 221110 within their networks. 2) Isolate affected devices from untrusted networks, especially the internet, by implementing network segmentation and firewall rules restricting access to the router's management interfaces and CGI endpoints. 3) Disable remote management features if enabled, particularly access to /cgi-bin/wireless.cgi or similar CGI scripts. 4) Monitor network traffic for unusual or suspicious requests targeting the vulnerable CGI endpoint, employing intrusion detection systems with custom signatures if possible. 5) Consider replacing the affected devices with alternative hardware from vendors with active security support if patching is not forthcoming. 6) Regularly check for updates from Wavlink or trusted security advisories for any forthcoming patches or mitigations. 7) Educate IT staff about the vulnerability and the importance of restricting access to network devices. These steps will help reduce the attack surface and mitigate exploitation risks until a vendor patch is available.