CVE Alert: CVE-2025-54404 – Planet – WGR-500
CVE-2025-54404
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is related to the `new_device_name` request parameter.
AI Summary Analysis
Risk verdict
High risk due to remote OS command injection with high impact; no active exploitation is indicated at present.
Why this matters
An attacker can trigger arbitrary commands via the network request parameter, potentially taking full control of the affected device, exfiltrating data or disrupting services. In environments where such devices sit on critical network paths, exploitation could enable further compromise across adjacent assets or business processes.
Most likely attack path
An attacker needs only network access to reach the swctrl surface and the new_device_name parameter; the attack is low complexity and requires no user interaction. Successful exploitation yields total impact on confidentiality, integrity and availability, and could serve as a foothold for lateral movement within the local network.
Who is most exposed
Devices deployed with publicly reachable or poorly segmented management interfaces are most at risk, particularly in small to mid-sized networks where such gateways are exposed to broader networks or internet-facing management.
Detection ideas
- Unusual or shell-like commands appearing in system/process logs after requests to swctrl endpoints
- Repeated or crafted requests to the new_device_name parameter from unknown sources
- Unexpected network traffic originating from the device to external destinations
- Anomalous changes to device configuration or service restarts following specific requests
- IDS/IPS alerts tied to command execution patterns over management ports
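The second detection idea above can be run as an allowlist check over web or proxy access logs. This is an added example, not code from the advisory or the vendor. The common log format, the `/swctrl.cgi` path in the sample lines and the device-name allowlist are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate device names are short and use only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9 _.\-]{1,32}")

# Common/combined log format: client - user [time] "METHOD target PROTO" ...
REQUEST = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Constructed sample lines. /swctrl.cgi is a placeholder path, not taken
# from the advisory; substitute the path your own logs show.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /swctrl.cgi?new_device_name=office-printer HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /swctrl.cgi?new_device_name=cam%3Becho%20x HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2025:10:00:09 +0000] "GET /status.cgi?page=1 HTTP/1.1" 200 128
198.51.100.7 - - [01/Jan/2025:10:00:12 +0000] "GET /swctrl.cgi?new_device_name=Living+Room HTTP/1.1" 200 512
"""


def suspicious_requests(log_text, param="new_device_name"):
    """Return (client, decoded_value) for requests whose param fails the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes values, so encoded metacharacters are caught.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == param and not SAFE_NAME.fullmatch(value):
                hits.append((m.group("client"), value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT client={client} {value!r} fails device-name allowlist")
```

Access logs normally record only the query string, so a parameter sent in a request body needs the same check applied at a reverse proxy or WAF that can see the body.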
Mitigation and prioritisation
- Patch to vendor-fixed firmware once available; apply in a maintenance window
- Restrict network access to the management interfaces (firewall, ACLs, VPN-only access)
- Disable or harden the swctrl functionality if feasible; enforce least-privilege operation
- Verify changes in a staging environment before production rollout; document in change control
- Enable enhanced monitoring and log retention for command execution indicators
- If patching is delayed, implement compensating controls such as network segmentation and strict egress filtering