Planet WGR-500 Firmware 1.3411b190912
Approved changes feed: RSS · Atom
cpe:2.3:o:planet:wgr-500_firmware:1.3411b190912:*:*:*:*:*:*:*
part: o version: 1.3411b190912 update: *
| Vendor | Planet (8ec268c0-d586-5bdd-b738-39b77072c2c8) |
|---|---|
| Product | Wgr 500 Firmware (9fd2b25d-a049-5ee7-8b2b-3634bac71833) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-54406 |
vulnerable | 2026-06-03 15:04:55.966443 |
Details available
HIGH (8.8)
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `counts` request parameter.
Published: 2025-10-07T13:55:04.884Z
Updated: 2025-11-03T17:45:10.121Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54405 |
vulnerable | 2026-06-03 15:04:55.966140 |
Details available
HIGH (8.8)
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `ipaddr` request parameter.
Published: 2025-10-07T13:55:04.725Z
Updated: 2025-11-03T17:45:09.157Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54404 |
vulnerable | 2026-06-03 15:04:55.965748 |
Details available
HIGH (8.8)
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_device_name` request parameter.
Published: 2025-10-07T13:55:08.258Z
Updated: 2025-11-03T17:45:08.205Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54403 |
vulnerable | 2026-06-03 15:04:55.965449 |
Details available
HIGH (8.8)
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_password` request parameter.
Published: 2025-10-07T13:55:07.948Z
Updated: 2025-11-03T17:45:07.266Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54402 |
vulnerable | 2026-06-03 15:04:55.964975 |
Details available
HIGH (8.8)
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` and `ipaddr` request parameters combined.
Published: 2025-10-07T13:55:10.827Z
Updated: 2025-11-03T17:45:06.312Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54401 |
vulnerable | 2026-06-03 15:04:55.964501 |
Details available
HIGH (8.8)
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `submit-url` request parameter.
Published: 2025-10-07T13:55:10.615Z
Updated: 2025-11-03T17:45:05.277Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54400 |
vulnerable | 2026-06-03 15:04:55.963942 |
Details available
HIGH (8.8)
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `counts` request parameter for composing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string.
Published: 2025-10-07T13:55:10.308Z
Updated: 2025-11-03T17:45:04.274Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54399 |
vulnerable | 2026-06-03 15:04:55.962398 |
Details available
HIGH (8.8)
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the `ipaddr` request parameter for composing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string.
Published: 2025-10-07T13:55:09.891Z
Updated: 2025-11-03T17:45:03.319Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48826 |
vulnerable | 2026-06-03 15:01:43.558016 |
Details available
HIGH (8.8)
A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability.
Published: 2025-10-07T13:55:06.364Z
Updated: 2025-11-03T17:44:55.116Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.