ID

VAR-202509-1421


CVE

CVE-2025-10324


TITLE

Injection Vulnerability in WAVLINK WL-WN578W2 Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015735

DESCRIPTION

A vulnerability was identified in Wavlink WL-WN578W2 221110. It affects the function sub_401C5C of the file firewall.cgi. Manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. The WAVLINK WL-WN578W2 firmware contains injection and command injection vulnerabilities. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The Wavlink WL-WN578W2 is a wireless repeater manufactured by Wavlink, a Chinese company. This vulnerability stems from firewall.cgi failing to properly filter special characters and commands in the pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled parameters when constructing commands. This vulnerability could allow an attacker to execute arbitrary commands.

Trust: 2.16

sources: NVD: CVE-2025-10324 // JVNDB: JVNDB-2025-015735 // CNVD: CNVD-2025-22096

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-22096

AFFECTED PRODUCTS

vendor: wavlink, model: wl-wn578w2, scope: eq, version: m78w2_v221110

Trust: 1.0

vendor: wavlink, model: wl-wn578w2, scope: -, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: wl-wn578w2 firmware m78w2 v221110

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: 221110

Trust: 0.6

sources: CNVD: CNVD-2025-22096 // JVNDB: JVNDB-2025-015735 // NVD: CVE-2025-10324

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-10324
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-10324
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-015735
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-22096
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-10324
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015735
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-22096
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-10324
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-10324
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-015735
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-22096 // JVNDB: JVNDB-2025-015735 // NVD: CVE-2025-10324 // NVD: CVE-2025-10324

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: CWE-74

Trust: 1.0

problemtype: Injection (CWE-74) [others]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

problemtype: Command injection (CWE-77) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015735 // NVD: CVE-2025-10324

EXTERNAL IDS

db: NVD, id: CVE-2025-10324

Trust: 3.2

db: VULDB, id: 323750

Trust: 1.8

db: JVNDB, id: JVNDB-2025-015735

Trust: 0.8

db: CNVD, id: CNVD-2025-22096

Trust: 0.6

sources: CNVD: CNVD-2025-22096 // JVNDB: JVNDB-2025-015735 // NVD: CVE-2025-10324

REFERENCES

url: https://github.com/zz2266/.github.io/tree/main/wavlink/wl-wn578w2/firewall.cgi/webssysfirewall

Trust: 1.8

url: https://vuldb.com/?id.323750

Trust: 1.8

url: https://vuldb.com/?submit.643435

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2025-10324

Trust: 1.4

url: https://vuldb.com/?ctiid.323750

Trust: 1.0

sources: CNVD: CNVD-2025-22096 // JVNDB: JVNDB-2025-015735 // NVD: CVE-2025-10324

SOURCES

db: CNVD, id: CNVD-2025-22096
db: JVNDB, id: JVNDB-2025-015735
db: NVD, id: CVE-2025-10324

LAST UPDATE DATE

2025-10-11T23:39:04.539000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-22096, date: 2025-09-19T00:00:00
db: JVNDB, id: JVNDB-2025-015735, date: 2025-10-10T06:52:00
db: NVD, id: CVE-2025-10324, date: 2025-10-02T19:45:13.880

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-22096, date: 2025-09-19T00:00:00
db: JVNDB, id: JVNDB-2025-015735, date: 2025-10-10T00:00:00
db: NVD, id: CVE-2025-10324, date: 2025-09-12T20:15:42.280