CVE-2025-10359

HighPublic PoC

Published: 13 September 2025

Published

13 September 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0062 70.0th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10359 is a high-severity Command Injection (CWE-77) vulnerability in Wavlink Wl-Wn578W2 Firmware. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1202 Indirect Command Execution Stealth

Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

attack.mitre.org →

Why these techniques?

Unauthenticated OS command injection in public-facing web CGI (/cgi-bin/wireless.cgi) enables exploitation of public-facing application (T1190), exploitation of remote services (T1210), and indirect command execution (T1202) via manipulated macAddr parameter.

NVD Description

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and…

may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-10359 is an OS command injection vulnerability in the Wavlink WL-WN578W2 router firmware version 221110. The flaw affects the sub_404DBC function in the /cgi-bin/wireless.cgi script, where manipulation of the macAddr argument enables command injection. It is classified under CWE-77 and CWE-78, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity.

The vulnerability is exploitable remotely by unauthenticated attackers requiring low attack complexity and no user interaction. Exploitation allows attackers to execute arbitrary operating system commands on the affected device, potentially leading to limited impacts on confidentiality, integrity, and availability, such as data leakage, modification of device settings, or disruption of services.

Advisories and references, including VulDB entries (ctiid.323773, id.323773) and GitHub proof-of-concept code, confirm the exploit is publicly available and may be used. The vendor was contacted early for disclosure but provided no response, and no patches or mitigations are mentioned.

Details

CWE(s): CWE-77 CWE-78

Affected Products

wavlink

wl-wn578w2 firmware

m78w2_v221110

CVEs Like This One

CVE-2025-10358Same product: Wavlink Wl-Wn578W2

CVE-2025-10325Same product: Wavlink Wl-Wn578W2

CVE-2025-10323Same product: Wavlink Wl-Wn578W2

CVE-2025-10324Same product: Wavlink Wl-Wn578W2

CVE-2025-10963Same vendor: Wavlink

CVE-2025-9149Same vendor: Wavlink

CVE-2025-10964Same vendor: Wavlink

CVE-2025-10959Same vendor: Wavlink

CVE-2025-10958Same vendor: Wavlink

CVE-2025-10960Same vendor: Wavlink

References

https://github.com/ZZ2266/.github.io/blob/main/WAVLINK/WL-WN578W2/wireless.cgi/add_mac/
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/add_mac#proof-of-concept-poc
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.323773
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.323773
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.643444
Third Party Advisory, VDB Entry · cna@vuldb.com