CVE Alert: CVE-2025-54399 – Planet – WGR-500
CVE-2025-54399
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This buffer overflow is related to the `ipaddr` request parameter for composing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string.
AI Summary Analysis
Risk verdict
High risk of remote, unauthenticated exploitation with potential full device compromise; act promptly if the device is reachable from untrusted networks.
Why this matters
The stack-based buffer overflow can be triggered via crafted HTTP requests, enabling code execution and service disruption on the affected gateway. In environments where this device sits at the network edge, an attacker could exfiltrate data, tamper with traffic, or pivot within the network, undermining availability and integrity.
Most likely attack path
Remote attacker, no user interaction required, with low preconditions other than network access to the device’s HTTP interface. The exploit supplies a crafted ipaddr parameter that is used to compose the ping command string, overflowing a stack buffer and enabling arbitrary code execution. Because scope is unchanged, impact is concentrated on the affected device, but successful exploitation can still enable persistent control and subsequent disruption.
Who is most exposed
Devices with exposed HTTP management interfaces (especially edge/gateway devices) in enterprise or service-provider networks are at greatest risk, notably where management is reachable from less trusted segments or the Internet.
Detection ideas
- Sudden device reboots or crashes during HTTP traffic bursts containing ping commands.
- Logs showing crashes or stack traces related to formPingCmd or ipaddr handling.
- Abnormal CPU/memory spikes with HTTP requests containing unusual ping -c patterns.
- WAF/NIDS alerts on malformed or crafted ipaddr parameters in ping commands.
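One way to implement the last detection idea, as an added example that is not part of the original alert or any vendor tooling: it flags formPingCmd requests whose `ipaddr` value is oversized or is not an IP address or hostname. The record layout, the request path, the sample values and the 253-character cutoff are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: 253 chars (the DNS name limit) as cutoff; the page gives no buffer size.
MAX_LEN = 253
HOSTNAME_RE = re.compile(r"([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}")


def classify_ipaddr(value):
    """Return None for a plausible ping target, otherwise a reason string."""
    if len(value) > MAX_LEN:
        return f"oversized ipaddr ({len(value)} chars)"
    try:
        ipaddress.ip_address(value)
        return None
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(value):
        return None
    return "ipaddr is not an IP address or hostname"


def scan(records):
    """records: (source, request_target, body) tuples; returns (source, reason) findings."""
    findings = []
    for src, target, body in records:
        parts = urlsplit(target)
        if "formPingCmd" not in parts.path:  # assumed: handler name appears in the path
            continue
        # Check ipaddr in both the query string and the form body, keeping repeats.
        values = parse_qs(parts.query, keep_blank_values=True).get("ipaddr", [])
        values += parse_qs(body, keep_blank_values=True).get("ipaddr", [])
        for value in values:
            reason = classify_ipaddr(value)
            if reason:
                findings.append((src, reason))
    return findings


# Constructed sample records (not captured traffic); the path is a placeholder.
SAMPLE = [
    ("192.0.2.10", "/formPingCmd", "ipaddr=198.51.100.7"),
    ("203.0.113.5", "/formPingCmd", "ipaddr=" + "a" * 300),
    ("203.0.113.9", "/formPingCmd?ipaddr=host%20name", ""),
    ("192.0.2.44", "/status?ipaddr=" + "a" * 300, ""),
]

if __name__ == "__main__":
    for src, reason in scan(SAMPLE):
        print(src, reason)
```

The same two checks (length and character set) can be expressed as a WAF or NIDS rule in front of the management interface.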
Mitigation and prioritisation
- Apply vendor patch or upgrade to fixed firmware immediately.
- If patching is delayed, implement network access controls to restrict management interfaces to trusted hosts; enable just-in-time access where possible.
- Validate and harden input handling for ipaddr/ping-related commands; disable unauthorised ping commands on management interfaces.
- Monitor for exploit indicators and establish recovery playbooks; coordinate change management for firmware updates.
- Treat as priority due to high CVSS impact and network-exposed attack path.