CVE-2025-46273

Planet Technology Network Products Use of Hard-coded Credentials

Description

UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.

Remediation

Solution:

  • Planet Technology has released patches for the following devices: * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms * NMS-500 https://www.planet.com.tw/en/product/nms-500 * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v

Category

9.3
CVSS
Severity: Critical
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.10%
Affected: Planet Technology UNI-NMS-Lite
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

Frequently Asked Questions

What is the severity of CVE-2025-46273?
CVE-2025-46273 has been scored as a critical severity vulnerability.
How to fix CVE-2025-46273?
To fix CVE-2025-46273: Planet Technology has released patches for the following devices: * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms * NMS-500 https://www.planet.com.tw/en/product/nms-500 * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v
Is CVE-2025-46273 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-46273 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-46273?
CVE-2025-46273 affects Planet Technology UNI-NMS-Lite.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.