CVE-2025-10359 is a remote OS command injection vulnerability identified in the Wavlink WL-WN578W2 wireless router, specifically in firmware version 221110. The vulnerability resides in the function sub_404DBC within the /cgi-bin/wireless.cgi script, where the macAddr parameter is improperly sanitized. An attacker can manipulate this argument to inject arbitrary operating system commands, which the device executes with the privileges of the web server process. This flaw allows unauthenticated remote attackers to execute arbitrary commands on the device without requiring user interaction. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level, with characteristics including network attack vector, low complexity, no privileges or user interaction needed, and limited impact on confidentiality, integrity, and availability. Although the vendor was notified early, no patch or response has been issued, and while no exploits are currently known in the wild, a public exploit is available, increasing the risk of exploitation. The vulnerability affects a specific firmware version, suggesting that devices running this version are at risk until patched or mitigated.

For European organizations, this vulnerability poses a significant risk to network security, particularly for those using Wavlink WL-WN578W2 routers with the affected firmware. Successful exploitation could lead to unauthorized command execution, enabling attackers to gain control over the router, manipulate network traffic, intercept sensitive data, or pivot to internal networks. This could compromise confidentiality, integrity, and availability of organizational networks. Given the router’s role as a network gateway, exploitation could disrupt business operations, cause data breaches, or facilitate further attacks such as lateral movement or persistent access. The lack of vendor response and patch availability exacerbates the risk, especially for organizations with limited ability to replace or upgrade hardware promptly. Additionally, the medium severity rating suggests that while the impact is not critical, the ease of exploitation and remote attack vector make it a credible threat that requires timely attention.

Organizations should immediately inventory their network devices to identify any Wavlink WL-WN578W2 routers running firmware version 221110. In the absence of an official patch, mitigation should focus on network-level controls: restrict remote access to the router’s management interface by implementing firewall rules that limit access to trusted IP addresses or internal networks only. Disable remote management features if not required. Monitor network traffic for unusual activity indicative of command injection attempts, such as unexpected outbound connections or command execution patterns. Consider segmenting the network to isolate vulnerable devices from critical assets. If possible, downgrade or upgrade the firmware to a version not affected by this vulnerability, or replace the device with a more secure alternative. Regularly check for vendor updates or community patches. Additionally, implement intrusion detection/prevention systems (IDS/IPS) with signatures targeting this specific exploit to detect and block attempts. Finally, educate IT staff about this vulnerability to ensure rapid response to any suspicious activity.