CVE-2025-41281
OS Command Injection in Waterfall WF-500 RX Host
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: Nozomi Networks Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nozomi_networks | waterfall_wf-500_rx_host | 7.9.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS Command Injection (CWE-78) found in the Waterfall WF-500 RX Host version 7.9.1.0. It allows attackers who have access to the TX Host to execute arbitrary code on the RX Host if a MySQL connector is configured.
How can this vulnerability impact me? :
An attacker with access to the TX Host can exploit this vulnerability to execute code on the RX Host, potentially leading to unauthorized control, data compromise, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation step is to update the Waterfall WF-500 RX Host software to version 7.10.0.0 R2601141040, which addresses this vulnerability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows attackers with access to the TX Host to execute arbitrary code on the RX Host when a MySQL connector is configured. Detection would involve monitoring for unusual or unauthorized command execution originating from the TX Host targeting the RX Host.
Specific detection commands or tools are not provided in the available resources.