PT-2026-44815 · Waterfall · Wf-500 Tx/Rx Hosts

Published

2026-05-29

·

Updated

2026-06-01

·

CVE-2025-41277

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040
Description The Console WebUI contains an OS Command Injection issue, which occurs when special elements used in an OS command are not properly neutralized. This allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-41277

Affected Products

Wf-500 Tx/Rx Hosts