The vulnerability identified as CVE-2025-50757 affects the Wavlink WN535K3 router firmware version 20191010. It is a command injection vulnerability located in the set_sys_adm function, specifically exploitable via the username parameter. Command injection vulnerabilities allow an attacker to execute arbitrary system commands on the affected device by injecting malicious input into parameters that are improperly sanitized. In this case, the username parameter is not properly validated or sanitized, enabling an attacker to craft a specially designed request that results in execution of arbitrary commands with the privileges of the affected service, which is typically running with elevated permissions on the router. This can lead to full compromise of the device, allowing attackers to manipulate network traffic, intercept data, create persistent backdoors, or pivot into internal networks. The vulnerability is present in the firmware version dated 20191010, but no other affected versions are specified. There are no known public exploits in the wild at the time of publication, and no patches or mitigations have been officially released. The vulnerability was reserved in June 2025 and published in September 2025. No CVSS score has been assigned yet. The lack of a CVSS score and absence of patch links suggest this is a newly disclosed vulnerability requiring urgent attention from users of the affected device. Given the nature of command injection and the typical role of routers as network gateways, exploitation could have severe consequences for network security and data confidentiality.

For European organizations, this vulnerability poses a significant risk, especially for those using Wavlink WN535K3 routers in their network infrastructure. Exploitation could allow attackers to gain unauthorized control over network devices, leading to interception or manipulation of sensitive communications, disruption of network availability, and potential lateral movement within corporate networks. This could compromise confidentiality, integrity, and availability of critical systems and data. Small and medium enterprises, as well as home office setups relying on this router model, could be particularly vulnerable due to limited IT security resources and delayed patching. Additionally, critical infrastructure sectors such as finance, healthcare, and government agencies in Europe could face heightened risks if these devices are deployed in their environments. The absence of known exploits currently reduces immediate risk, but the potential for weaponization remains high given the severity of command injection flaws. The threat also extends to privacy concerns for individual users in Europe, as compromised routers can be used for mass surveillance or as part of botnets.

1. Immediate mitigation should include isolating the affected Wavlink WN535K3 devices from critical network segments to limit potential impact. 2. Network administrators should monitor network traffic for unusual activity indicative of exploitation attempts, such as unexpected outbound connections or command execution patterns. 3. Implement strict access controls on router management interfaces, restricting access to trusted IP addresses and enforcing strong authentication mechanisms. 4. Disable remote management features if not required to reduce the attack surface. 5. Regularly audit and update router firmware; although no patch is currently available, users should stay alert for official updates from Wavlink and apply them promptly once released. 6. Employ network segmentation and intrusion detection/prevention systems to detect and contain potential compromises. 7. For organizations with security operations centers, incorporate detection signatures specific to command injection attempts targeting the username parameter of the set_sys_adm function. 8. Consider replacing vulnerable devices with models from vendors with stronger security track records if immediate patching is not feasible.