CVE-2025-10775 is a security vulnerability identified in the Wavlink WL-NU516U1 wireless network adapter, specifically version 240425. The vulnerability resides in the /cgi-bin/login.cgi script, within the function sub_4012A0, where the 'ipaddr' argument is improperly sanitized. This flaw allows an attacker to perform OS command injection by manipulating the 'ipaddr' parameter, enabling arbitrary command execution on the underlying operating system. The vulnerability can be exploited remotely without requiring user interaction or authentication, making it accessible to unauthenticated attackers over the network. Although the CVSS 4.0 base score is 5.1 (medium severity), the presence of remote code execution potential elevates the risk profile. The vendor, Wavlink, was notified early but has not responded or provided a patch, and the exploit details have been publicly disclosed, increasing the likelihood of exploitation attempts. The vulnerability's impact includes potential unauthorized control over the device, which could be leveraged to pivot into internal networks or disrupt network connectivity. The affected device is a consumer-grade wireless adapter, which may be used in both home and small office environments. The lack of vendor response and public exploit availability heightens the urgency for mitigation by users and administrators.

For European organizations, this vulnerability poses a moderate risk primarily to small offices and home office environments where Wavlink WL-NU516U1 adapters are deployed. Successful exploitation could lead to unauthorized execution of commands on the device, potentially allowing attackers to intercept or manipulate network traffic, disrupt connectivity, or use the compromised device as a foothold for lateral movement into corporate networks. Given the device's role as a network adapter, compromise could affect confidentiality and integrity of data transmitted through it. While the device itself may not host critical data, its compromise could undermine network security controls. The medium CVSS score reflects limited impact on availability and integrity but acknowledges the ease of remote exploitation without authentication. European organizations with remote or hybrid workforces using these adapters are particularly at risk, as attackers can exploit the vulnerability over the internet or local networks. The lack of vendor patch increases exposure duration, necessitating proactive mitigation.

Since no official patch is available from Wavlink, European organizations should implement the following specific mitigations: 1) Immediately identify and inventory all Wavlink WL-NU516U1 devices running firmware version 240425 within the network. 2) Disable remote management interfaces or restrict access to the /cgi-bin/login.cgi endpoint via firewall rules or network segmentation to trusted IP addresses only. 3) Replace affected adapters with alternative models from vendors with active security support, especially in critical environments. 4) Monitor network traffic for unusual command execution patterns or unexpected outbound connections originating from these devices. 5) Employ network intrusion detection systems (NIDS) with signatures targeting known exploit attempts against this vulnerability. 6) Educate users about the risks of using unsupported or unpatched network hardware. 7) If device replacement is not immediately feasible, consider isolating affected devices on separate VLANs to limit potential lateral movement. These steps go beyond generic advice by focusing on network-level controls and device replacement strategies tailored to this specific vulnerability.