CNNVD-202509-1795 Information

Sep 12, 2025 cve

CNNVD ID

CNNVD-202509-1795

CVE-2025-10324

CNNVD Published: 2025-09-12

Description (Chinese)

Wavlink WL-WN578W2是中国睿因（Wavlink）公司的一款无线中继器。 Wavlink WL-WN578W2 221110版本存在命令注入漏洞，该漏洞源于对文件firewall.cgi中函数sub_401C5C的参数pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled的错误操作，可能导致远程命令注入攻击。

Description (English)

Wavlink WL-WN578W2 is a wireless repeater of Wavlink. The Wavlink WL-WN578W2 221110 version contains a command-injecting loophole, which stems from the error of the parameter for the function sub 401C5C in file firwall.cgi, pingFrmWANFilterEnabled/blockSynFlooodEnabled/blockPortScanEnabled/remoteManagementEnabled, which may result in a remote command injection attack.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

睿因

Published

2025-09-12

Last Modified

2026-02-24

References

https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/firewall.cgi/websSysFirewall https://vuldb.com/?ctiid.323750 https://vuldb.com/?id.323750 https://vuldb.com/?submit.643435 https://access.redhat.com/security/cve/cve-2025-10324

Share on: