CVE-2025-48826
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-07
Last updated on: 2025-11-03
Assigner: Talos
Description
Description
A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| planet | wgr-500_firmware | 1.3411b190912 |
| planet | wgr-500 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a format string vulnerability in the formPingCmd functionality of the Planet WGR-500 device running version 1.3411b190912. It can be triggered by sending a specially crafted series of HTTP requests, which leads to memory corruption.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to memory corruption, which may allow an attacker to compromise the device's confidentiality, integrity, and availability, potentially resulting in unauthorized access or control over the device.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70