CVE-2025-10359 | Wavlink WL-WN578W2 221110 /cgi-bin/wireless.cgi sub_404DBC macAddr os command injection

Inserito da Angelo Barbosa | Set 12, 2025 | CVE

A vulnerability categorized as critical has been discovered in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection.

This vulnerability is reported as CVE-2025-10359. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10359 | Wavlink WL-WN578W2 221110 /cgi-bin/wireless.cgi sub_404DBC macAddr os command injection

Post correlati

CVE-2022-30265 | Emerson PAC Machine Edition code download (icsa-24-158-01)

CVE-2024-11860 | SourceCodester Best House Rental Management System 1.0 POST Request ajax.php?action=delete_tenant id improper authorization

CVE-2024-2486 | Tenda AC18 15.03.05.05 /goform/QuickIndex formQuickIndex PPPOEPassword stack-based overflow

CVE-2024-6552 | Booking for Appointments and Events Calendar Plugin information disclosure