CVE Alert: CVE-2025-54405 – Planet – WGR-500
CVE-2025-54405
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `ipaddr` request parameter.
AI Summary Analysis
Risk verdict
Why this matters
Most likely attack path
Who is most exposed
Detection ideas
- Alerts for unusual or injected values in the ipaddr parameter of formPingCmd requests.
- Unexpected OS command execution events or process spawning on the device.
- Sudden spikes in CPU/memory or anomalous outbound connections post HTTP requests.
- Logs showing repeated crafted requests triggering failures or unusual command activity.
- WAF/IDS signatures matching OS command injection patterns.
Mitigation and prioritisation
- Apply vendor patch/update to fixed version; test before rollout.
- If patching is slow, implement network controls: restrict management interface exposure, IP allowlists, and require authentication for management endpoints.
- Enable strict input validation and implement WAF rules to block suspicious ipaddr payloads.
- Segment networks and monitor for post-exploit activity.
- If KEV is true or EPSS ≥ 0.5, treat as priority 1; otherwise treat as priority 2.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
