CVE-2025-10358

HighPublic PoC

Published: 13 September 2025

Published

13 September 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0062 70.0th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10358 is a high-severity Command Injection (CWE-77) vulnerability in Wavlink Wl-Wn578W2 Firmware. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1202 Indirect Command Execution Stealth

Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

Why these techniques?

Unauthenticated remote OS command injection in public-facing /cgi-bin/wireless.cgi enables exploitation of a public-facing application (T1190), indirect command execution via parameter manipulation (T1202), and execution of Unix shell (T1059.004) or network device CLI-equivalent commands (T1059.008).

NVD Description

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection. The attack can be initiated remotely. The exploit has been…

disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-10358 is an OS command injection vulnerability affecting the Wavlink WL-WN578W2 router firmware version 221110. The issue resides in the sub_404850 function of the /cgi-bin/wireless.cgi file, where manipulation of the delete_list argument enables arbitrary command execution.

The vulnerability is remotely exploitable by unauthenticated attackers requiring low attack complexity and no user interaction. Exploitation can result in limited impacts to confidentiality, integrity, and availability, as reflected in its CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and associated CWEs-77 and CWE-78.

Advisories from VulDB and GitHub references detail a publicly disclosed proof-of-concept targeting the DeleteMac functionality in wireless.cgi. The vendor was contacted early regarding the issue but provided no response or mitigation guidance, such as patches.

The exploit has been publicly released and may be actively used, with no further vendor remediation reported as of the CVE publication on 2025-09-13.

Details

CWE(s): CWE-77 CWE-78

Affected Products

wavlink

wl-wn578w2 firmware

m78w2_v221110

CVEs Like This One

CVE-2025-10359Same product: Wavlink Wl-Wn578W2

CVE-2025-10323Same product: Wavlink Wl-Wn578W2

CVE-2025-10324Same product: Wavlink Wl-Wn578W2

CVE-2025-10325Same product: Wavlink Wl-Wn578W2

CVE-2025-10964Same vendor: Wavlink

CVE-2025-10959Same vendor: Wavlink

CVE-2025-10958Same vendor: Wavlink

CVE-2025-10960Same vendor: Wavlink

CVE-2025-50756Same vendor: Wavlink

CVE-2026-3661Same vendor: Wavlink

References

https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/DeleteMac
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/DeleteMac#proof-of-concept-poc
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.323772
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.323772
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.643438
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/DeleteMac
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/DeleteMac#proof-of-concept-poc
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0