Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48826 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2025-54399 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `ipaddr` request parameter for composing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string. | |||||
| CVE-2025-54400 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `counts` request parameter for composing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string. | |||||
| CVE-2025-54401 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` request parameter. | |||||
| CVE-2025-54402 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` and `ipaddr` request parameters combined. | |||||
| CVE-2025-54403 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_password` request parameter. | |||||
| CVE-2025-54404 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_device_name` request parameter. | |||||
| CVE-2025-54405 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `ipaddr` request parameter. | |||||
| CVE-2025-54406 | 1 Planet | 2 Wgr-500, Wgr-500 Firmware | 2025-10-09 | N/A | 8.8 HIGH |
| Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `counts` request parameter. | |||||