CVE-2025-46272

Planet Technology Network Products OS Command Injection

Description

WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system.

Remediation

Solution:

Planet Technology has released patches for the following devices: * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms * NMS-500 https://www.planet.com.tw/en/product/nms-500 * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v

References

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

Frequently Asked Questions

What is the severity of CVE-2025-46272?: CVE-2025-46272 has been scored as a critical severity vulnerability.
How to fix CVE-2025-46272?: To fix CVE-2025-46272: Planet Technology has released patches for the following devices: * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms * NMS-500 https://www.planet.com.tw/en/product/nms-500 * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v
Is CVE-2025-46272 being actively exploited in the wild?: It is possible that CVE-2025-46272 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-46272?: CVE-2025-46272 affects Planet Technology WGS-804HPT-V2, Planet Technology WGS-4215-8T2S.

Description

Remediation

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions