CNNVD-202509-1834 Information

CNNVD ID

CNNVD-202509-1834

Related CVE

CVE-2025-10359

• CNNVD Published: 2025-09-13

Description (Chinese)

Wavlink WL-WN578W2是中国睿因（Wavlink）公司的一款无线中继器。 Wavlink WL-WN578W2 221110版本存在操作系统命令注入漏洞，该漏洞源于对文件/cgi-bin/wireless.cgi中参数macAddr的错误操作，可能导致os命令注入攻击。

Description (English)

Wavlink WL-WN578W2 is a wireless repeater of Wavlink. The Wavlink WL-WN578W2 221110 version contains a bug in the operating system command, which results from an error in the macAddr parameter in file/cgi-bin/wireless.cgi, which could lead to an Os command injection attack.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

睿因

Published

2025-09-13

Last Modified

2026-02-24

References

https://vuldb.com/?submit.643444 https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/wireless.cgi/add_mac#proof-of-concept-poc https://vuldb.com/?ctiid.323773 https://github.com/ZZ2266/.github.io/blob/main/WAVLINK/WL-WN578W2/wireless.cgi/add_mac/ https://vuldb.com/?id.323773 https://access.redhat.com/security/cve/cve-2025-10359