Description
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.
Published: 2026-05-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A relative path traversal flaw (CWE-23) in the Console WebUI of Waterfall WF-500 TX and RX hosts lets a remote unauthenticated attacker read arbitrary files on the device. The result is a confidentiality compromise: attackers can view sensitive configuration or system files. The impact is purely read-only, with no direct execution or modification possible, but the files disclosed can contain privileged data.

Affected Systems

The affected devices are Waterfall WF-500 TX and RX hosts running firmware version 7.9.1.0 R2502171040.

Risk and Exploitability

The CVSS score of 8.7 reflects a high severity risk. The vector (AV:N/AC:L/AT:N/PR:N/UI:N) describes a network-reachable, low-complexity attack that needs no privileges and no user interaction, so exploitation would be straightforward if the vulnerable device is reachable. The probability of exploitation is unknown. The issue is not listed in CISA KEV, and no known mass exploitation has been reported. Attackers can reach the vulnerable endpoint remotely via the console WebUI, and no authentication is required, making it an immediate threat for devices exposed to untrusted networks.

Generated by OpenCVE AI on May 29, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to the latest Waterfall release that includes the fix for the path‑traversal vulnerability.
  • Restrict external access to the console WebUI by applying firewall rules or VLAN segmentation so only trusted networks can reach it.
  • If the console WebUI supports authentication, enable it and enforce strong, unique credentials to require valid authentication before any file requests are processed.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Waterfall; Waterfall wf-500
Vendors & Products | | Waterfall; Waterfall wf-500

Fri, 29 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Title | | Relative Path Traversal in Waterfall WF-500 Console WebUI Enables Remote File Read

Fri, 29 May 2026 11:45:00 +0000

Type | Values Removed | Values Added
Description | | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.
Weaknesses | | CWE-23
References | |
Metrics | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-29T13:42:55.452Z

Reserved: 2025-04-16T09:53:41.254Z

Link: CVE-2025-41271

Vulnrichment

Updated: 2026-05-29T13:42:51.209Z

NVD

Status: Awaiting Analysis

Published: 2026-05-29T12:16:23.450

Modified: 2026-05-29T14:06:26.220

Link: CVE-2025-41271

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:47:00Z

Weaknesses