VYPR

Wl Wn578w2 Firmware

by Wavlink

CVEs (7)

  • CVE-2025-10359HigSep 13, 2025
    risk 0.48cvss 7.3epss 0.06

    A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be…

  • CVE-2025-10358HigSep 13, 2025
    risk 0.48cvss 7.3epss 0.06

    A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-10324HigSep 12, 2025
    risk 0.48cvss 7.3epss 0.08

    A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is…

  • CVE-2025-10323HigSep 12, 2025
    risk 0.48cvss 7.3epss 0.08

    A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made…

  • CVE-2026-4543MedMar 22, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible…

  • CVE-2025-10325MedSep 12, 2025
    risk 0.41cvss 6.3epss 0.07

    A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly…

  • CVE-2026-4544LowMar 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. It is…