CVE-2025-44868
Published: 02 May 2025
Summary
CVE-2025-44868 is a critical-severity Command Injection (CWE-77) vulnerability in Wavlink WL-WN530H4 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 10.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Wavlink WL-WN530H4 firmware dated 20220801 contains a command injection vulnerability in the ping_test function of adm.cgi that is triggered through the pingIp parameter. The flaw, tracked as CVE-2025-44868 and assigned CWE-77, permits unauthenticated remote attackers to supply crafted input that results in execution of arbitrary operating-system commands. It carries a CVSS 3.1 base score of 9.8 reflecting network attack vector, low complexity, and no required privileges or user interaction.
An attacker with network reachability to the device can submit a malicious HTTP request to the administrative CGI endpoint and obtain command execution. Successful exploitation yields full control over the router, enabling actions such as configuration changes, traffic interception, persistence installation, or lateral movement within the attached network.
Public references consist of proof-of-concept repositories that demonstrate the injection vector but contain no vendor advisory, firmware update, or mitigation guidance. The EPSS score rose from lower values to a peak of 0.1000 on 2026-04-16 before receding to the current 0.0435, indicating measurable post-disclosure exploitation interest that later subsided.
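The flaw class described above, a request parameter spliced into a shell command, is fixed by refusing to let the parameter reach a shell at all. The following C block is an added, constructed example (it is not the Wavlink adm.cgi code and makes no claim about how that binary is written): a strict allow-list check that the pingIp value is a literal IP address, and a ping handler that passes it to execvp() as a single argv element instead of a formatted shell string. The names pingIp, is_valid_ip, build_ping_argv and ping_test_safe are assumptions chosen for the example.

```c
/* Hardened ping handler for a CWE-77 command injection of the kind in
 * CVE-2025-44868. Constructed example: NOT the Wavlink WL-WN530H4 firmware
 * code. Assumed names: pingIp (request parameter), is_valid_ip,
 * build_ping_argv, ping_test_safe. */
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PING_ARGV_MAX 6
#define MAX_IP_LEN 46   /* INET6_ADDRSTRLEN */

/* Allow-list check: the parameter must parse as a literal IPv4 or IPv6
 * address. Hostnames, whitespace, ';', '|', '$(...)' and anything else a
 * shell could interpret are rejected before any command is built. */
int is_valid_ip(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (s == NULL || *s == '\0' || strlen(s) >= MAX_IP_LEN)
        return 0;
    if (inet_pton(AF_INET, s, buf) == 1)
        return 1;
    if (inet_pton(AF_INET6, s, buf) == 1)
        return 1;
    return 0;
}

/* Build a fixed argv for execvp(). The address is always one argv element,
 * so no shell ever parses it. Returns 0 on success, -1 if pingIp is not a
 * literal IP address or the buffer is too small. */
int build_ping_argv(const char *pingIp, const char **argv, size_t argc_max)
{
    if (argc_max < 5 || !is_valid_ip(pingIp))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "4";
    argv[3] = pingIp;
    argv[4] = NULL;
    return 0;
}

/* Replacement for the vulnerable pattern
 *   snprintf(cmd, sizeof cmd, "ping -c 4 %s", pingIp); system(cmd);
 * where the parameter is spliced into a shell string. The child calls
 * execvp() directly with the fixed argv. Returns ping's exit status, or -1
 * if the input was rejected or the process could not be started. */
int ping_test_safe(const char *pingIp)
{
    const char *argv[PING_ARGV_MAX];
    pid_t pid;
    int status;

    if (build_ping_argv(pingIp, argv, PING_ARGV_MAX) != 0)
        return -1;              /* rejected: nothing is executed */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample parameter values: two literal addresses and two
     * strings that would be dangerous if handed to a shell. */
    const char *samples[] = { "192.0.2.1", "::1", "127.0.0.1; id", "$(id)" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i],
               is_valid_ip(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The validator is deliberately an allow-list rather than a deny-list of metacharacters: a deny-list has to anticipate every shell feature, whereas inet_pton() only succeeds on a well-formed address. Replacing system() with fork()/execvp() is the second layer; even if a future change loosens the validator, the parameter can no longer change what program runs.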
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-13242
Vulnerability details
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- CWE(s): CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the web admin CGI (adm.cgi ping_test) enables remote exploitation of a public-facing application (T1190) and arbitrary CLI command execution on a network device (T1059.008).
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.