CVE-2025-54405
Published: 07 October 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-54405 describes multiple OS command injection vulnerabilities (CWE-78) in the formPingCmd functionality of Planet WGR-500 router firmware version v1.3411b190912. These flaws arise from improper handling of the `ipaddr` request parameter, allowing a specially crafted series of HTTP requests to inject and execute arbitrary operating system commands.
An attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N), achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as scored at CVSS 8.8 (CVSS:3.1). By sending a tailored sequence of HTTP requests targeting the formPingCmd endpoint, the attacker gains arbitrary command execution on the underlying system.
For mitigation details, refer to the Cisco Talos Intelligence advisories at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2229 and https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2229, published alongside the CVE on 2025-10-07.
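The general fix for an injectable `ipaddr` value, shown as an added example that is not taken from the Talos advisory or the vendor's firmware: accept only a literal IP address and start ping from an argument vector instead of a shell string. The function names, the `/bin/ping` path and the `-c 4` count are assumptions, and the sample inputs are constructed.

```c
/* Added example: hypothetical handler-side hardening, not Planet firmware code. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only a literal IPv4 or IPv6 address. inet_pton() rejects shell
 * metacharacters, whitespace, trailing text and option-like values ("-f"). */
int ping_target_is_valid(const char *ipaddr)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (ipaddr == NULL || strlen(ipaddr) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, ipaddr, buf) == 1 ||
           inet_pton(AF_INET6, ipaddr, buf) == 1;
}

/* Build an argv for execv(): the value travels as one argument and is never
 * concatenated into a system()/popen() string. Returns argc, -1 if rejected. */
int build_ping_argv(const char *ipaddr, const char *argv[], size_t cap)
{
    if (cap < 5 || !ping_target_is_valid(ipaddr))
        return -1;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "4";   /* assumed options */
    argv[3] = ipaddr; argv[4] = NULL;
    return 4;
}

/* Run ping without a shell. Returns its exit status, -1 on rejection/error. */
int run_ping(const char *ipaddr)
{
    const char *argv[5];
    int status;
    if (build_ping_argv(ipaddr, argv, 5) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv("/bin/ping", (char *const *)argv);       /* assumed path */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("%d %d\n", ping_target_is_valid("192.0.2.1"), ping_target_is_valid("192.0.2.1;reboot"));
    return 0;
}
```

Validation and shell-free execution are independent layers: either one alone blocks injection through this parameter, and using both keeps the handler safe if one is later loosened.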
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an OS command injection in a public-facing web endpoint (formPingCmd) on a router, directly enabling exploitation of public-facing applications (T1190) and arbitrary Unix shell command execution (T1059.004) on the underlying OS.