CVE-2025-10321

Published: Sep 12, 2025Modified: Oct 2, 2025

5.5

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Wavlink: Wl Wn578w2 Firmware

1 product

Wl Wn578w2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wl Wn578w2 Firmware	Version m78w2_v221110

Running on/with	Platform Versions
Wavlink Wl Wn578w2	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://github.com/ZZ2266/.github.io/tree/main/WAVLINK/WL-WN578W2/live_online.shtml

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.323747

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.323747

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.643431

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.