ID

VAR-202509-1446


CVE

CVE-2025-10323


TITLE

Injection Vulnerability in WAVLINK WL-WN578W2 Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015091

DESCRIPTION

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. Manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. The WAVLINK WL-WN578W2 firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Wavlink WL-WN578W2 is a wireless repeater manufactured by Wavlink, a Chinese company. This vulnerability stems from the failure to properly sanitize special characters and commands in the sel_Encryp parameter of the sub_409184 function in the file /wizard_rep.shtml during command construction. An attacker could exploit this vulnerability to execute arbitrary commands.

Trust: 2.16

sources: NVD: CVE-2025-10323 // JVNDB: JVNDB-2025-015091 // CNVD: CNVD-2025-22099

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-22099

AFFECTED PRODUCTS

vendor: wavlink, model: wl-wn578w2, scope: eq, version: m78w2_v221110

Trust: 1.0

vendor: wavlink, model: wl-wn578w2, scope: eq, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: wl-wn578w2 firmware m78w2 v221110

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: -, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: 221110

Trust: 0.6

sources: CNVD: CNVD-2025-22099 // JVNDB: JVNDB-2025-015091 // NVD: CVE-2025-10323

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-10323
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-10323
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-015091
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-22099
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-10323
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015091
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-22099
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-10323
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-10323
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-015091
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-22099 // JVNDB: JVNDB-2025-015091 // NVD: CVE-2025-10323 // NVD: CVE-2025-10323

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015091 // NVD: CVE-2025-10323

EXTERNAL IDS

db: NVD, id: CVE-2025-10323

Trust: 3.2

db: VULDB, id: 323749

Trust: 1.8

db: JVNDB, id: JVNDB-2025-015091

Trust: 0.8

db: CNVD, id: CNVD-2025-22099

Trust: 0.6

sources: CNVD: CNVD-2025-22099 // JVNDB: JVNDB-2025-015091 // NVD: CVE-2025-10323

REFERENCES

url:https://github.com/zz2266/.github.io/tree/main/wavlink/wl-wn578w2/adm.cgi/wizard_rep.shtml

Trust: 1.8

url:https://vuldb.com/?id.323749

Trust: 1.8

url:https://vuldb.com/?submit.643434

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-10323

Trust: 1.4

url:https://vuldb.com/?ctiid.323749

Trust: 1.0

sources: CNVD: CNVD-2025-22099 // JVNDB: JVNDB-2025-015091 // NVD: CVE-2025-10323

SOURCES

db: CNVD, id: CNVD-2025-22099
db: JVNDB, id: JVNDB-2025-015091
db: NVD, id: CVE-2025-10323

LAST UPDATE DATE

2025-10-09T23:33:50.552000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-22099, date: 2025-09-19T00:00:00
db: JVNDB, id: JVNDB-2025-015091, date: 2025-10-06T07:32:00
db: NVD, id: CVE-2025-10323, date: 2025-10-02T19:47:21.740

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-22099, date: 2025-09-19T00:00:00
db: JVNDB, id: JVNDB-2025-015091, date: 2025-10-06T00:00:00
db: NVD, id: CVE-2025-10323, date: 2025-09-12T19:15:32.147