PT-2026-44805 · Waterfall · Wf-500 Tx Host

Published

2026-05-29

·

Updated

2026-06-02

·

CVE-2025-41267

CVSS v4.0

8.5

High

VectorAV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX Host version 7.9.1.0 R2502171040
Description An OS Command Injection issue exists in the Administration WebUI, which allows remote authenticated attackers to execute arbitrary operating system commands on the host. OS Command Injection is a flaw where an application fails to properly neutralize special elements used in an OS command, allowing an attacker to inject their own commands into the system.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-41267

Affected Products

Wf-500 Tx Host