CVE-2025-10358 | Wavlink WL-WN578W2 221110 /cgi-bin/wireless.cgi sub_404850 delete_list os command injection

Inserito da Angelo Barbosa | Set 12, 2025 | CVE

A vulnerability was found in Wavlink WL-WN578W2 221110. It has been rated as critical. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection.

This vulnerability is documented as CVE-2025-10358. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10358 | Wavlink WL-WN578W2 221110 /cgi-bin/wireless.cgi sub_404850 delete_list os command injection

Post correlati

CVE-2025-0557 | Hyland Alfresco Community Edition up to 6.2.2 URL /share/s/ cross site scripting

CVE-2024-37080 | VMware vCenter Server/Cloud Foundation DCERPC heap-based overflow

CVE-2024-27307 | jsonata Object Prototype code injection

CVE-2024-34952 | NetEase taurusxin ncmdump 1.3.2 NCM File /src/ncmcrypt.cpp FixMetadata memory corruption