CVE-2025-54406
Published: 07 October 2025
Description
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Security Summary
CVE-2025-54406 involves multiple OS command injection vulnerabilities (CWE-78) in the formPingCmd functionality of the Planet WGR-500 router running firmware version v1.3411b190912. These flaws enable arbitrary command execution through a specially crafted series of HTTP requests targeting the `counts` request parameter. Published on 2025-10-07, the vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting its high severity due to network accessibility, low attack complexity, and potential for significant impact.
An attacker requires only low privileges (PR:L) to exploit the vulnerability remotely over the network (AV:N) without user interaction (UI:N). By sending a tailored sequence of HTTP requests to the formPingCmd endpoint, the attacker can inject and execute arbitrary operating system commands via the `counts` parameter, potentially compromising confidentiality, integrity, and availability at a high level (C:H/I:H/A:H).
Mitigation guidance and further technical details are available in the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2229.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection via public-facing web interface on router (T1190) enables arbitrary command execution on network device (T1059.008).