CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-10359

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.1%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 7.5

References

https://github.com/ZZ2266/.github.io/blob/main/WAVLINK/WL-WN578W2/wireless.cgi/add_mac/
https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/add_mac#proof-of-concept-poc
https://vuldb.com/?ctiid.323773
https://vuldb.com/?id.323773
https://vuldb.com/?submit.643444

Products affected by CVE-2025-10359

Wavlink » Wl-Wn578w2 » Version: N/A

cpe:2.3:h:wavlink:wl-wn578w2:-
Wavlink » Wl-Wn578w2 Firmware » Version: m78w2_v221110

cpe:2.3:o:wavlink:wl-wn578w2_firmware:m78w2_v221110

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-10359

Products

Pricing

Contact Us