CVE-2025-10958

medium

Description

A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://vuldb.com/?submit.652768

https://vuldb.com/?id.325826

https://vuldb.com/?ctiid.325826

https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/AddMac.md#poc

https://github.com/panda666-888/vuls/blob/main/wavlink/nu516u1/AddMac.md

Details

Source: Mitre, NVD

Published: 2025-09-25

Updated: 2025-09-26

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00856