cbcvebase.

Wavlink Wl-Wn578W2 vulnerabilities

10 known vulnerabilities affecting wavlink/wl-wn578w2.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2025-10358P2CRITICALCVSS 9.8v2211102025-09-13
CVE-2025-10358 [CRITICAL] CWE-77 CVE-2025-10358: A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function s A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early abo
nvd
CVE-2025-10324P2CRITICALCVSS 9.8v2211102025-09-12
CVE-2025-10324 [CRITICAL] CWE-74 CVE-2025-10324: A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initiate the attack remotely. The exploit has been publicl
nvd
CVE-2025-10359P2CRITICALCVSS 9.8v2211102025-09-13
CVE-2025-10359 [CRITICAL] CWE-77 CVE-2025-10359: A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of t A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not
nvd
CVE-2025-10323P2CRITICALCVSS 9.8v2211102025-09-12
CVE-2025-10323 [CRITICAL] CWE-74 CVE-2025-10323: A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409 A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this dis
nvd
CVE-2025-10325P2HIGHCVSS 8.8v2211102025-09-12
CVE-2025-10325 [HIGH] CWE-74 CVE-2025-10325: A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/su A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this dis
nvd
CVE-2026-4164P2CRITICALCVSS 9.8v2211102026-03-16
CVE-2026-4164 [CRITICAL] CWE-74 CVE-2026-4164: A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. It is recommended
nvd
CVE-2026-4543P3MEDIUMCVSS 6.3v2211102026-03-22
CVE-2026-4543 [MEDIUM] CWE-74 CVE-2026-4543: A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to initiate the attack remotely. The exploit has been made public and could b
nvd
CVE-2025-10322P3MEDIUMCVSS 5.3v2211102025-09-12
CVE-2025-10322 [MEDIUM] CWE-640 CVE-2025-10322: A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown func A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to weak password recovery. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacte
nvd
CVE-2025-10321P4MEDIUMCVSS 5.3v2211102025-09-12
CVE-2025-10321 [MEDIUM] CWE-200 CVE-2025-10321: A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liv A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd
CVE-2026-4544P4MEDIUMCVSS 4.8v2211102026-03-22
CVE-2026-4544 [MEDIUM] CWE-79 CVE-2026-4544: A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed
nvd
Wavlink Wl-Wn578W2 vulnerabilities | cvebase