CVE-2025-10358

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110

Description: A security issue has been identified in Wavlink WL-WN578W2. Manipulation of the delete list argument in the /cgi-bin/wireless.cgi file’s sub 404850 function can lead to operating system command injection. This issue is remotely exploitable. The exploit has been publicly disclosed.

Recommendations: As a temporary workaround, consider restricting access to the /cgi-bin/wireless.cgi file to minimize the risk of exploitation. Avoid using the delete list parameter in the /cgi-bin/wireless.cgi API endpoint until the issue is resolved.