Waterfall-security Wf-500_firmware
17 CVEs affecting Waterfall-security Wf-500_firmware. Latest disclosed: 2026-05-29. Critical: 9, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-41277 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Wa… |
CVE-2025-41276 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Wa… |
CVE-2025-41275 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Wa… |
CVE-2025-41274 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Wa… |
CVE-2025-41273 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in… |
CVE-2025-41272 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Wa… |
CVE-2025-41270 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Wa… |
CVE-2025-41269 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Wa… |
CVE-2025-41268 | Critical | 9.1 | 2026-05-29 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R250217104… |
CVE-2025-41281 | High | 7.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Hos… |
CVE-2025-41280 | High | 7.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers w… |
CVE-2025-41278 | High | 7.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to… |
CVE-2025-41271 | High | 7.5 | 2026-05-29 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that… |
CVE-2025-41279 | High | 7.2 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebU… |
CVE-2025-41267 | High | 7.2 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebU… |
CVE-2025-41266 | High | 7.2 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebU… |
CVE-2025-41265 | High | 7.2 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebU… |