ID

VAR-202509-1437


CVE

CVE-2025-10325


TITLE

Injection Vulnerability in WAVLINK WL-WN578W2 Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015649

DESCRIPTION

A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Manipulation of the argument ipaddr leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. The WAVLINK WL-WN578W2 firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Wavlink WL-WN578W2 is a wireless repeater manufactured by Wavlink, a Chinese company. This vulnerability stems from the failure of the sub_401340 function of the /cgi-bin/login.cgi file to properly sanitize special characters and commands in the ipaddr parameter during command construction. An attacker could exploit this vulnerability to execute arbitrary commands.

Trust: 2.16

sources: NVD: CVE-2025-10325 // JVNDB: JVNDB-2025-015649 // CNVD: CNVD-2025-22095

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-22095

AFFECTED PRODUCTS

vendor: wavlink, model: wl-wn578w2, scope: eq, version: m78w2_v221110

Trust: 1.0

vendor: wavlink, model: wl-wn578w2, scope: eq, version: wl-wn578w2 firmware m78w2 v221110

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: -, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: 221110

Trust: 0.6

sources: CNVD: CNVD-2025-22095 // JVNDB: JVNDB-2025-015649 // NVD: CVE-2025-10325

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-10325
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-10325
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-015649
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-22095
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-10325
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015649
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-22095
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-10325
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-10325
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-015649
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-22095 // JVNDB: JVNDB-2025-015649 // NVD: CVE-2025-10325 // NVD: CVE-2025-10325

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype: Injection (CWE-74) [others]

Trust: 0.8

problemtype: Command injection (CWE-77) [others]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015649 // NVD: CVE-2025-10325

EXTERNAL IDS

db: NVD, id: CVE-2025-10325

Trust: 3.2

db: VULDB, id: 323751

Trust: 1.8

db: JVNDB, id: JVNDB-2025-015649

Trust: 0.8

db: CNVD, id: CNVD-2025-22095

Trust: 0.6

sources: CNVD: CNVD-2025-22095 // JVNDB: JVNDB-2025-015649 // NVD: CVE-2025-10325

REFERENCES

url:https://github.com/zz2266/.github.io/blob/main/wavlink/wl-wn578w2/login.cgi/login/readme.md

Trust: 1.8

url:https://vuldb.com/?id.323751

Trust: 1.8

url:https://vuldb.com/?submit.643436

Trust: 1.8

url:https://vuldb.com/?submit.643437

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-10325

Trust: 1.4

url:https://vuldb.com/?ctiid.323751

Trust: 1.0

sources: CNVD: CNVD-2025-22095 // JVNDB: JVNDB-2025-015649 // NVD: CVE-2025-10325

SOURCES

db: CNVD, id: CNVD-2025-22095
db: JVNDB, id: JVNDB-2025-015649
db: NVD, id: CVE-2025-10325

LAST UPDATE DATE

2025-10-12T23:08:23.076000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-22095, date: 2025-09-19T00:00:00
db: JVNDB, id: JVNDB-2025-015649, date: 2025-10-10T02:15:00
db: NVD, id: CVE-2025-10325, date: 2025-10-02T20:17:36.187

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-22095, date: 2025-09-19T00:00:00
db: JVNDB, id: JVNDB-2025-015649, date: 2025-10-10T00:00:00
db: NVD, id: CVE-2025-10325, date: 2025-09-12T20:15:42.493