CVE-2025-46271

Planet Technology Network Products OS Command Injection

Description

UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.

Solution:

Planet Technology has released patches for the following devices: * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms * NMS-500 https://www.planet.com.tw/en/product/nms-500 * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

What is the severity of CVE-2025-46271?: CVE-2025-46271 has been scored as a critical severity vulnerability.
How to fix CVE-2025-46271?: To fix CVE-2025-46271: Planet Technology has released patches for the following devices: * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms * NMS-500 https://www.planet.com.tw/en/product/nms-500 * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v
Is CVE-2025-46271 being actively exploited in the wild?: It is possible that CVE-2025-46271 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-46271?: CVE-2025-46271 affects Planet Technology UNI-NMS-Lite.