CVE-2025-10359 is a remote OS command injection vulnerability affecting the Wavlink WL-WN578W2 wireless router, specifically version 221110. The vulnerability resides in the function sub_404DBC within the /cgi-bin/wireless.cgi script. An attacker can manipulate the macAddr argument passed to this CGI endpoint, which is not properly sanitized, allowing arbitrary OS commands to be executed on the device. This type of vulnerability enables an unauthenticated remote attacker to execute commands with the privileges of the web server process, potentially leading to full device compromise. The vulnerability has a CVSS 4.0 base score of 6.9 (medium severity), reflecting its network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. The exploit code has been publicly disclosed, increasing the risk of exploitation, although no confirmed in-the-wild attacks have been reported yet. The vendor, Wavlink, was notified early but has not responded or issued a patch, leaving affected devices exposed. Given the device’s role as a wireless router, successful exploitation could allow attackers to manipulate network traffic, intercept sensitive data, or pivot into internal networks. The lack of vendor response and public exploit availability heightens the urgency for mitigation by users and administrators.

For European organizations, this vulnerability poses a significant risk especially for small and medium enterprises (SMEs) and home office environments that rely on Wavlink WL-WN578W2 routers for network connectivity. Exploitation could lead to unauthorized network access, interception of confidential communications, and potential lateral movement within corporate networks. This could compromise data confidentiality and integrity, disrupt availability of network services, and facilitate further attacks such as malware deployment or data exfiltration. The impact is particularly critical in sectors handling sensitive personal data under GDPR, such as healthcare, finance, and legal services. Additionally, compromised routers could be leveraged as part of botnets or for launching attacks against other targets, amplifying the threat landscape in Europe. The absence of vendor patches means organizations must rely on network-level mitigations and device replacement to reduce exposure.

Given the lack of an official patch from Wavlink, European organizations should implement the following specific mitigations: 1) Immediately isolate affected WL-WN578W2 devices from critical network segments and the internet where possible. 2) Replace vulnerable routers with devices from vendors that provide timely security updates and have a strong security track record. 3) If replacement is not immediately feasible, restrict access to the router’s management interface by implementing strict firewall rules allowing only trusted IP addresses. 4) Monitor network traffic for unusual patterns indicative of exploitation attempts, such as unexpected outbound connections or command execution signatures. 5) Disable remote management features on the router to reduce attack surface. 6) Employ network segmentation to limit potential lateral movement from compromised devices. 7) Regularly audit and update network device inventories to identify vulnerable hardware. 8) Educate IT staff and users about the risks associated with this vulnerability and the importance of timely device updates or replacements.