CVE-2025-50756: n/a
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
AI Analysis
Technical Summary
CVE-2025-50756 is a critical command injection vulnerability identified in the Wavlink WN535K3 router firmware version 20191010. The flaw exists in the set_sys_adm function, specifically through the newpass parameter, which is used to set a new administrative password. Due to insufficient input validation or sanitization, an attacker can craft a malicious request that injects arbitrary system commands. This vulnerability allows remote attackers to execute arbitrary commands on the underlying operating system with the privileges of the web server process, which typically runs with elevated rights on the device. The CVSS v3.1 base score of 9.8 reflects the high severity, indicating that the vulnerability is remotely exploitable over the network without authentication or user interaction, and can lead to complete compromise of the device’s confidentiality, integrity, and availability. The CWE-77 classification confirms that this is a command injection issue, a critical class of vulnerabilities that can lead to full system takeover. No patches or fixes have been linked yet, and there are no known exploits in the wild at the time of publication. However, given the severity and ease of exploitation, this vulnerability poses a significant risk to any network using the affected Wavlink device.
Potential Impact
For European organizations, the impact of this vulnerability can be severe. Wavlink routers are commonly used in small to medium enterprises and home office environments, which are integral to many European businesses’ network infrastructure. Exploitation could allow attackers to gain persistent control over the router, enabling interception or manipulation of network traffic, deployment of malware, lateral movement within internal networks, and disruption of internet connectivity. This can lead to data breaches, intellectual property theft, operational downtime, and reputational damage. Critical infrastructure sectors relying on these devices for connectivity could face cascading effects, including disruption of services. Additionally, compromised routers can be used as launch points for further attacks against European targets or as part of botnets, amplifying the threat landscape. The lack of authentication and user interaction requirements makes this vulnerability particularly dangerous in environments where these devices are exposed to untrusted networks or the internet.
Mitigation Recommendations
Immediate mitigation steps include isolating affected Wavlink WN535K3 routers from untrusted networks and restricting management interface access to trusted internal IP addresses only. Network administrators should implement strict firewall rules to block external access to router management ports (e.g., HTTP/HTTPS). Monitoring network traffic for unusual patterns or command injection attempts targeting the newpass parameter can help detect exploitation attempts. Since no official patches are currently available, organizations should consider replacing vulnerable devices with models from vendors that provide timely security updates. Additionally, employing network segmentation to limit the impact of compromised devices and deploying intrusion detection/prevention systems (IDS/IPS) with signatures for command injection attempts can enhance defense. Regularly auditing router configurations and firmware versions, and subscribing to vendor security advisories, will help ensure timely application of future patches.
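One way to implement the newpass monitoring suggested above, as an added example (not code from this advisory or from Wavlink): it scans form-encoded request bodies for shell metacharacters in newpass, decoding repeatedly so double-encoded values are also caught. The log layout (source IP, tab, request body), the user field and all sample values are constructed assumptions; only the newpass parameter name comes from this page.

```python
import re
from urllib.parse import parse_qsl, unquote

# Characters a shell interprets. A legitimate password may contain some of
# these, so a hit means "review this request", not "confirmed exploitation".
SHELL_META = re.compile(r"[;&|`$<>\r\n]")

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253B -> %3B -> ;)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_body(body):
    """Return (decoded_value, metachars) for each suspicious newpass field."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name != "newpass":
            continue
        decoded = fully_decode(value)
        hits = sorted(set(SHELL_META.findall(decoded)))
        if hits:
            findings.append((decoded, hits))
    return findings

def scan(lines):
    """Scan 'src_ip<TAB>body' log lines (assumed layout) and collect alerts."""
    alerts = []
    for line in lines:
        src, _, body = line.partition("\t")
        for value, hits in inspect_body(body.strip()):
            alerts.append({"src": src, "newpass": value, "metachars": hits})
    return alerts

# Constructed sample input: documentation-range IPs, made-up field values.
SAMPLE_LOG = [
    "192.0.2.10\tuser=admin&newpass=Summer2025",
    "198.51.100.7\tuser=admin&newpass=x%3Bid",
    "198.51.100.7\tuser=admin&newpass=x%2524%2528id%2529",
    "203.0.113.5\tuser=admin&newpass=a%60uname%60",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The same character class can be carried into an IDS/IPS rule that matches on the decoded newpass value in requests to the router's management interface.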
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 687514a8a83201eaacc75df8
Added to database: 7/14/2025, 2:31:04 PM
Last enriched: 7/21/2025, 8:52:03 PM
Last updated: 8/30/2025, 11:41:36 AM