CVE-2025-54405
BaseFortify
Publication date: 2025-10-07
Last updated on: 2025-11-03
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| planet | wgr-500_firmware | 1.3411b190912 |
| planet | wgr-500 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple operating system command injection flaws in the formPingCmd functionality of the Planet WGR-500 device version v1.3411b190912. An attacker can exploit the 'ipaddr' request parameter by sending a specially crafted series of HTTP requests, which allows them to execute arbitrary commands on the device.
How can this vulnerability impact me? :
The vulnerability can lead to arbitrary command execution on the affected device, which means an attacker could potentially take control of the device, disrupt its operation, steal data, or use it as a foothold to attack other systems. This can result in high confidentiality, integrity, and availability impacts.