Waterfall-security

Wf-500 Firmware

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2025-41281

  • EPSS 0.51%
  • Veröffentlicht 29.05.2026 11:00:16
  • Zuletzt bearbeitet 01.06.2026 18:55:43

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execut...

7.8

CVE-2025-41280

  • EPSS 0.15%
  • Veröffentlicht 29.05.2026 10:59:40
  • Zuletzt bearbeitet 01.06.2026 18:56:05

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configur...

7.2

CVE-2025-41279

  • EPSS 0.88%
  • Veröffentlicht 29.05.2026 10:59:10
  • Zuletzt bearbeitet 01.06.2026 18:55:55

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticat...

7.8

CVE-2025-41278

  • EPSS 0.12%
  • Veröffentlicht 29.05.2026 10:58:37
  • Zuletzt bearbeitet 01.06.2026 18:56:23

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.

9.8

CVE-2025-41277

  • EPSS 1.38%
  • Veröffentlicht 29.05.2026 10:57:59
  • Zuletzt bearbeitet 01.06.2026 18:56:32

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenti...

9.8

CVE-2025-41276

  • EPSS 1.38%
  • Veröffentlicht 29.05.2026 10:57:22
  • Zuletzt bearbeitet 01.06.2026 18:56:42

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenti...

9.8

CVE-2025-41275

  • EPSS 1.38%
  • Veröffentlicht 29.05.2026 10:56:28
  • Zuletzt bearbeitet 01.06.2026 18:56:49

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenti...

9.8

CVE-2025-41274

  • EPSS 1.38%
  • Veröffentlicht 29.05.2026 10:53:38
  • Zuletzt bearbeitet 01.06.2026 18:56:56

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenti...

9.8

CVE-2025-41273

  • EPSS 0.41%
  • Veröffentlicht 29.05.2026 10:53:02
  • Zuletzt bearbeitet 01.06.2026 18:57:02

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authent...

9.8

CVE-2025-41272

  • EPSS 1.38%
  • Veröffentlicht 29.05.2026 10:52:21
  • Zuletzt bearbeitet 01.06.2026 18:57:09

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenti...