Lucene search
K

47 matches found

EUVD
EUVD
added 2025/10/07 1:55 p.m.5 views

EUVD-2025-32862

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

8.8CVSS7AI score0.00678EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/07 1:55 p.m.7 views

CVE-2025-54402

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

8.8CVSS0.00708EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 1:55 p.m.4 views

EUVD-2025-32859

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

8.8CVSS7AI score0.00708EPSS
Exploits1References2
CVE
CVE
added 2025/10/07 1:55 p.m.12 views

CVE-2025-54401

Planet WGR-500 v1.3411b190912 contains stack-based buffer overflow vulnerabilities in the web server formPingCmd function. Specifically, CVE-2025-54401 stems from unsafe handling of the submit-url parameter copied into a 260-byte buffer (buffer_260) without bounds checking, with additional relate...

8.8CVSS7.2AI score0.00678EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/10/07 1:55 p.m.8 views

CVE-2025-54401

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

8.8CVSS0.00678EPSS
Exploits1References1
CVE
CVE
added 2025/10/07 1:55 p.m.14 views

CVE-2025-54402

Planet WGR-500 v1.3411b190912 contains multiple stack-based buffer overflow flaws in the formPingCmd HTTP handling, cited as CVE-2025-54402 among TALOS-2025-2226. The root cause is unsafe use of stack and heap buffers while composing command and request-data strings: submit-url, ipaddr, and count...

8.8CVSS7.2AI score0.00708EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/10/07 1:55 p.m.11 views

CVE-2025-54400

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

8.8CVSS0.00678EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/07 1:55 p.m.8 views

CVE-2025-54399

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

8.8CVSS0.00708EPSS
Exploits1References1
CVE
CVE
added 2025/10/07 1:55 p.m.19 views

CVE-2025-54399

Planet WGR-500 v1.3411b190912 suffers multiple stack-based buffer overflow vulnerabilities in the web server’s formPingCmd function. Cisco Talos’ details (TALOS-2025-2226) describe four related CVEs (including CVE-2025-54399) exposed by crafting HTTP requests that construct the command string "pi...

8.8CVSS7.2AI score0.00708EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/10/07 1:55 p.m.10 views

CVE-2025-48826

A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability...

8.8CVSS0.04385EPSS
Exploits1References1
CVE
CVE
added 2025/10/07 1:55 p.m.16 views

CVE-2025-48826

Planet WGR-500 v1.3411b190912 is affected by TALOS-2025-2228, a format-string vulnerability in the formPingCmd function that can lead to memory corruption when processing specially crafted HTTP requests. The vulnerability arises from using a user-controlled submit-url as the format string in an s...

8.8CVSS6.5AI score0.04385EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 1:55 p.m.5 views

EUVD-2025-32863

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

8.8CVSS7.3AI score0.04229EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/10/07 1:55 p.m.2 views

CVE-2025-54405

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

8.8CVSS7.5AI score0.04229EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/07 1:55 p.m.7 views

CVE-2025-54405

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

8.8CVSS0.04229EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/07 1:55 p.m.7 views

CVE-2025-54406

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

8.8CVSS0.04229EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 1:55 p.m.2 views

EUVD-2025-32857

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

8.8CVSS7.3AI score0.04229EPSS
Exploits1References2
CVE
CVE
added 2025/10/07 1:55 p.m.14 views

CVE-2025-54405

Planet WGR-500 v1.3411b190912 has OS command injection in the formPingCmd functionality. Two parameters, ipaddr and counts, are used to build a shell command via system("ping -c 2>&1 > /tmp/pingResult &"), allowing arbitrary command execution when specially crafted HTTP requests are sent....

8.8CVSS7.5AI score0.04229EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/10/07 1:55 p.m.12 views

CVE-2025-54406

Planet WGR-500 v1.3411b190912 contains OS command injection flaws in the web server’s formPingCmd function. The vulnerability arises from unsafely using request parameters, notably counts , to compose a shell command (ping -c ) which is then executed via system(). Talos confirms multiple vulnera...

8.8CVSS7.5AI score0.04229EPSS
Exploits1References2Affected Software1
Talos
Talos
added 2025/10/07 12:0 a.m.8 views

Planet WGR-500 formPingCmd stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2025-2226 Planet WGR-500 formPingCmd stack-based buffer overflow vulnerabilities October 7, 2025 CVE Number CVE-2025-54401,CVE-2025-54400,CVE-2025-54399,CVE-2025-54402 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd...

8.8CVSS8AI score0.00708EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.4 views

PT-2025-40997

Name of the Vulnerable Software and Affected Versions Planet WGR-500 version 1.3411b190912 Description A format string vulnerability exists in the formPingCmd functionality. A series of specially crafted HTTP requests can lead to memory corruption. An attacker can trigger this by sending a series...

8.8CVSS6.4AI score0.04385EPSS
Exploits1References7
Rows per page
Query Builder