CVE-2025-10962 is a command injection vulnerability identified in the Wavlink NU516U1 router, specifically in firmware version M16U1_V240425. The vulnerability resides in the /cgi-bin/wireless.cgi component, within the SetName page's sub_403198 function. The issue arises from improper sanitization of the 'mac_5g' argument, which an attacker can manipulate to inject arbitrary commands. This vulnerability is remotely exploitable without requiring user interaction or authentication, making it particularly dangerous. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L, which suggests limited privileges but no authentication), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vendor has been contacted but has not responded or provided a patch, and a public exploit is available, increasing the risk of exploitation. The vulnerability allows attackers to execute arbitrary commands on the device, potentially leading to full device compromise, network pivoting, data interception, or disruption of network services. Given the router's role in network infrastructure, exploitation could affect connected devices and data confidentiality and availability within the network environment.

For European organizations, this vulnerability poses a significant risk, especially for those relying on Wavlink NU516U1 routers in their network infrastructure. Exploitation could lead to unauthorized command execution on the router, enabling attackers to intercept or manipulate network traffic, deploy malware, or disrupt network availability. This could affect business continuity, data privacy compliance (e.g., GDPR), and operational security. Small and medium enterprises (SMEs) and home office environments using this device are particularly vulnerable due to typically weaker network defenses. The lack of vendor response and patch availability increases exposure time. Additionally, attackers could use compromised routers as footholds for lateral movement within corporate networks or as part of botnets targeting European infrastructure. The medium CVSS score reflects the partial impact on confidentiality, integrity, and availability, but the ease of remote exploitation without user interaction or authentication elevates the threat level.

Organizations should immediately inventory their network devices to identify any Wavlink NU516U1 routers running the affected firmware version M16U1_V240425. Until an official patch is released, the following mitigations are recommended: 1) Disable remote management interfaces or restrict access to trusted IP addresses only, minimizing exposure to the vulnerable CGI endpoint. 2) Implement network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data. 3) Monitor network traffic for unusual command injection patterns or unexpected outbound connections originating from the router. 4) Consider replacing affected devices with models from vendors with active security support if patching is not forthcoming. 5) Employ intrusion detection/prevention systems (IDS/IPS) with signatures targeting this exploit. 6) Regularly update firmware when patches become available and subscribe to vendor or security advisories for timely information. 7) Educate IT staff on recognizing signs of router compromise and establish incident response plans specific to network device breaches.