47 matches found
EUVD-2025-32862
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2025-54402
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
EUVD-2025-32859
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2025-54401
Planet WGR-500 v1.3411b190912 contains stack-based buffer overflow vulnerabilities in the web server formPingCmd function. Specifically, CVE-2025-54401 stems from unsafe handling of the submit-url parameter copied into a 260-byte buffer (buffer_260) without bounds checking, with additional relate...
CVE-2025-54401
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2025-54402
Planet WGR-500 v1.3411b190912 contains multiple stack-based buffer overflow flaws in the formPingCmd HTTP handling, cited as CVE-2025-54402 among TALOS-2025-2226. The root cause is unsafe use of stack and heap buffers while composing command and request-data strings: submit-url, ipaddr, and count...
CVE-2025-54400
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2025-54399
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2025-54399
Planet WGR-500 v1.3411b190912 suffers multiple stack-based buffer overflow vulnerabilities in the web server’s formPingCmd function. Cisco Talos’ details (TALOS-2025-2226) describe four related CVEs (including CVE-2025-54399) exposed by crafting HTTP requests that construct the command string "pi...
CVE-2025-48826
A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability...
CVE-2025-48826
Planet WGR-500 v1.3411b190912 is affected by TALOS-2025-2228, a format-string vulnerability in the formPingCmd function that can lead to memory corruption when processing specially crafted HTTP requests. The vulnerability arises from using a user-controlled submit-url as the format string in an s...
EUVD-2025-32863
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...
CVE-2025-54405
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...
CVE-2025-54405
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...
CVE-2025-54406
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...
EUVD-2025-32857
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...
CVE-2025-54405
Planet WGR-500 v1.3411b190912 has OS command injection in the formPingCmd functionality. Two parameters, ipaddr and counts, are used to build a shell command via system("ping -c 2>&1 > /tmp/pingResult &"), allowing arbitrary command execution when specially crafted HTTP requests are sent....
CVE-2025-54406
Planet WGR-500 v1.3411b190912 contains OS command injection flaws in the web server’s formPingCmd function. The vulnerability arises from unsafely using request parameters, notably counts , to compose a shell command (ping -c ) which is then executed via system(). Talos confirms multiple vulnera...
Planet WGR-500 formPingCmd stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2025-2226 Planet WGR-500 formPingCmd stack-based buffer overflow vulnerabilities October 7, 2025 CVE Number CVE-2025-54401,CVE-2025-54400,CVE-2025-54399,CVE-2025-54402 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd...
PT-2025-40997
Name of the Vulnerable Software and Affected Versions Planet WGR-500 version 1.3411b190912 Description A format string vulnerability exists in the formPingCmd functionality. A series of specially crafted HTTP requests can lead to memory corruption. An attacker can trigger this by sending a series...