ID

VAR-202509-1455


CVE

CVE-2025-10322


TITLE

Vulnerability related to the password management function in WAVLINK WL-WN578W2 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015734

DESCRIPTION

A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. Manipulation of the argument newpass/confpass leads to weak password recovery. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The WAVLINK WL-WN578W2 firmware contains a vulnerability related to the password management function. Information may be tampered with. The Wavlink WL-WN578W2 is a wireless repeater from the Chinese company Wavlink. Version 221110 of the Wavlink WL-WN578W2 contains an authorization vulnerability that stems from improper permission management for the newpass/confpass parameters in the /sysinit.html file.

Trust: 2.16

sources: NVD: CVE-2025-10322 // JVNDB: JVNDB-2025-015734 // CNVD: CNVD-2025-22319

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-22319

AFFECTED PRODUCTS

vendor: wavlink, model: wl-wn578w2, scope: eq, version: m78w2_v221110

Trust: 1.0

vendor: wavlink, model: wl-wn578w2, scope: -, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: wl-wn578w2 firmware m78w2 v221110

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn578w2, scope: eq, version: 221110

Trust: 0.6

sources: CNVD: CNVD-2025-22319 // JVNDB: JVNDB-2025-015734 // NVD: CVE-2025-10322

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-10322
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-015734
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-22319
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-10322
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015734
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-22319
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-10322
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-015734
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-22319 // JVNDB: JVNDB-2025-015734 // NVD: CVE-2025-10322

PROBLEMTYPE DATA

problemtype: CWE-640

Trust: 1.0

problemtype: Weak Password Recovery Mechanism for Forgotten Password (CWE-640) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015734 // NVD: CVE-2025-10322

EXTERNAL IDS

db: NVD, id: CVE-2025-10322

Trust: 3.2

db: VULDB, id: 323748

Trust: 1.8

db: JVNDB, id: JVNDB-2025-015734

Trust: 0.8

db: CNVD, id: CNVD-2025-22319

Trust: 0.6

sources: CNVD: CNVD-2025-22319 // JVNDB: JVNDB-2025-015734 // NVD: CVE-2025-10322

REFERENCES

url:https://github.com/zz2266/.github.io/tree/main/wavlink/wl-wn578w2/sysinit.html

Trust: 1.8

url:https://vuldb.com/?id.323748

Trust: 1.8

url:https://vuldb.com/?submit.643433

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-10322

Trust: 1.4

url:https://vuldb.com/?ctiid.323748

Trust: 1.0

sources: CNVD: CNVD-2025-22319 // JVNDB: JVNDB-2025-015734 // NVD: CVE-2025-10322

SOURCES

db: CNVD, id: CNVD-2025-22319
db: JVNDB, id: JVNDB-2025-015734
db: NVD, id: CVE-2025-10322

LAST UPDATE DATE

2025-10-11T23:22:23.353000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-22319, date: 2025-09-23T00:00:00
db: JVNDB, id: JVNDB-2025-015734, date: 2025-10-10T06:51:00
db: NVD, id: CVE-2025-10322, date: 2025-10-02T19:54:11.603

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-22319, date: 2025-09-19T00:00:00
db: JVNDB, id: JVNDB-2025-015734, date: 2025-10-10T00:00:00
db: NVD, id: CVE-2025-10322, date: 2025-09-12T18:15:33.877