CVE-2025-41275

Vulnerability Description

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.

Vulnerability Details

Published Date

May 29, 2026

Last Modified

May 29, 2026

CWE ID

CWE-78

Source

NVD

Vendor

Waterfall

Product

WF-500

External References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41275

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment