CVE-2025-10961 is a command injection vulnerability identified in the Wavlink NU516U1 router, specifically in the firmware version M16U1_V240425. The vulnerability resides in the /cgi-bin/wireless.cgi component, within the Delete_Mac_list page's function sub_4030C0. An attacker can exploit improper handling of the 'delete_list' argument, allowing them to inject arbitrary commands into the system shell. This type of vulnerability enables remote attackers with low privileges to execute commands on the device without requiring user interaction. The vulnerability has a CVSS 4.0 base score of 5.1, indicating a medium severity level. The attack vector is adjacent network (AV:A), meaning the attacker must have access to the local network or a connected wireless network. The vulnerability does not require user interaction and has low attack complexity. The vendor, Wavlink, was contacted but has not responded or provided a patch, leaving the device exposed. Command injection vulnerabilities in network devices like routers can lead to full device compromise, unauthorized network access, and pivoting to internal networks. Given the device's role as a network gateway, exploitation could compromise confidentiality, integrity, and availability of connected systems.

For European organizations, this vulnerability poses a significant risk, especially for those using Wavlink NU516U1 routers in their network infrastructure. Successful exploitation could allow attackers to execute arbitrary commands, potentially leading to network disruption, data interception, or lateral movement within corporate networks. This is particularly concerning for small and medium enterprises (SMEs) and remote offices that may rely on consumer-grade or lower-cost networking equipment like Wavlink devices without rigorous security controls. The medium CVSS score reflects moderate risk; however, the lack of vendor response and patch availability increases exposure time. Attackers with access to the local network, such as malicious insiders or compromised devices, could leverage this vulnerability to gain persistent access or disrupt operations. Additionally, critical sectors such as healthcare, finance, and manufacturing that depend on reliable network infrastructure could face operational impacts or data breaches if exploited.

Given the absence of an official patch from Wavlink, European organizations should implement the following specific mitigations: 1) Immediately identify and inventory all Wavlink NU516U1 devices running the vulnerable firmware version M16U1_V240425. 2) Segment networks to isolate these devices from sensitive internal systems, restricting access to the router's management interfaces to trusted administrators only. 3) Disable or restrict access to the /cgi-bin/wireless.cgi endpoint if possible, or apply web application firewall (WAF) rules to detect and block suspicious input patterns targeting the 'delete_list' parameter. 4) Monitor network traffic and device logs for unusual command execution or unauthorized access attempts. 5) Consider replacing vulnerable devices with more secure alternatives if patching or vendor support is unavailable. 6) Employ network access controls and strong authentication mechanisms to limit attacker access to the local network. 7) Educate IT staff about the vulnerability and ensure incident response plans include steps for potential exploitation scenarios involving network devices.