Details of VAR-202509-1538

ID

VAR-202509-1538

CVE

CVE-2025-10321

TITLE

WAVLINK of WL-WN578W2 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-015092

DESCRIPTION

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. WAVLINK of WL-WN578W2 There are unspecified vulnerabilities in the firmware.Information may be obtained. The Wavlink WL-WN578W2 is a wireless repeater manufactured by Wavlink, a Chinese company. The Wavlink WL-WN578W2 version 221110 contains an access control vulnerability. This vulnerability stems from incorrect access control in the file /live_online.shtml. An attacker could exploit this vulnerability to leak information

Trust: 2.16

sources: NVD: CVE-2025-10321 // JVNDB: JVNDB-2025-015092 // CNVD: CNVD-2025-22318

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-22318

AFFECTED PRODUCTS

vendor:	wavlink	model:	wl-wn578w2	scope:	eq	version:	m78w2_v221110	Trust: 1.0
vendor:	wavlink	model:	wl-wn578w2	scope:	eq	version:	-	Trust: 0.8
vendor:	wavlink	model:	wl-wn578w2	scope:	eq	version:	wl-wn578w2 firmware m78w2 v221110	Trust: 0.8
vendor:	wavlink	model:	wl-wn578w2	scope:	-	version:	-	Trust: 0.8
vendor:	wavlink	model:	wl-wn578w2	scope:	eq	version:	221110	Trust: 0.6

sources: CNVD: CNVD-2025-22318 // JVNDB: JVNDB-2025-015092 // NVD: CVE-2025-10321

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-10321
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-015092
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-22318
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-10321
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-015092
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-22318
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-10321
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-015092
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-22318 // JVNDB: JVNDB-2025-015092 // NVD: CVE-2025-10321

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	information leak (CWE-200) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-015092 // NVD: CVE-2025-10321

EXTERNAL IDS

db:	NVD	id:	CVE-2025-10321	Trust: 3.2
db:	VULDB	id:	323747	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-015092	Trust: 0.8
db:	CNVD	id:	CNVD-2025-22318	Trust: 0.6

sources: CNVD: CNVD-2025-22318 // JVNDB: JVNDB-2025-015092 // NVD: CVE-2025-10321

REFERENCES

url:	https://github.com/zz2266/.github.io/tree/main/wavlink/wl-wn578w2/live_online.shtml	Trust: 1.8
url:	https://vuldb.com/?id.323747	Trust: 1.8
url:	https://vuldb.com/?submit.643431	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-10321	Trust: 1.4
url:	https://vuldb.com/?ctiid.323747	Trust: 1.0

sources: CNVD: CNVD-2025-22318 // JVNDB: JVNDB-2025-015092 // NVD: CVE-2025-10321

SOURCES

db:	CNVD	id:	CNVD-2025-22318
db:	JVNDB	id:	JVNDB-2025-015092
db:	NVD	id:	CVE-2025-10321

LAST UPDATE DATE

2025-10-09T23:19:03.331000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-22318	date:	2025-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2025-015092	date:	2025-10-06T07:32:00
db:	NVD	id:	CVE-2025-10321	date:	2025-10-02T19:56:34.403

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-22318	date:	2025-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2025-015092	date:	2025-10-06T00:00:00
db:	NVD	id:	CVE-2025-10321	date:	2025-09-12T18:15:33.690