CVE-2025-10323
Published: 12 September 2025
Summary
CVE-2025-10323 is a high-severity Injection (CWE-74) vulnerability in Wavlink Wl-Wn578W2 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 32.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote command injection via web interface (/wizard_rep.shtml, sel_EncrypTyp parameter) on network device enables exploitation of public-facing application (T1190), network device CLI command execution (T1059.008), and indirect command execution (T1202 as cited in advisory).
NVD Description
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed from remote. The exploit has been…
more
made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-10323 is a command injection vulnerability affecting the Wavlink WL-WN578W2 router firmware version 221110. The flaw exists in the sub_409184 function of the /wizard_rep.shtml file, where manipulation of the sel_EncrypTyp argument enables attackers to inject arbitrary commands. It is classified under CWE-74 and CWE-77, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
Remote unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and without requiring user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling command execution on the device.
VulDB advisories note that the vendor was contacted early regarding disclosure but provided no response, and no patches or mitigations are referenced. An exploit has been publicly disclosed on GitHub and could be used by attackers.
Details
- CWE(s)