Description
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user.
Published: 2026-05-29
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Nozomi Networks Labs identified a flaw whereby an attacker can bypass authentication in the Console WebUI of Waterfall WF‑500, allowing them to gain full privileged access without credentials. The vulnerability is a classic Authentication Bypass Using an Alternate Path or Channel (CWE‑288). As a result, a malicious actor can read or modify any configuration, launch attacks from the device, or cause unauthorized control of the network equipment. This loss of confidentiality, integrity, and availability is significant because the device serves as a critical gateway for industrial network traffic.

Affected Systems

The affected product is the Waterfall WF‑500 TX and RX Hosts operating the Console WebUI. Version 7.9.1.0 R2502171040 is vulnerable. All installations running this firmware or earlier versions are at risk.

Risk and Exploitability

The CVSS score of 9.3 reflects a severe vulnerability that can be exploited remotely. Although an EPSS score is not available, the lack of a KEV listing suggests that public exploits have not yet been observed, but the high severity warrants prompt action. Attackers can achieve bypass by sending requests to the web interface without authentication, implying that compromised network segments or compromised credentials on adjacent devices could potentially be used to reach the console. The vulnerability remains exploitable as long as the affected firmware is in use, with no known mitigations beyond patching.

Generated by OpenCVE AI on May 29, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WF‑500 to a firmware release that removes the authentication bypass in the Console WebUI.
  • Restrict access to the console web interface by limiting it to trusted IP addresses or placing it behind a VPN.
  • Enable additional authentication controls such as multi‑factor authentication or enforce strong password policies on the console.

Generated by OpenCVE AI on May 29, 2026 at 12:23 UTC.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Waterfall; Waterfall wf-500 |
| Vendors & Products | | Waterfall; Waterfall wf-500 |

Fri, 29 May 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Fri, 29 May 2026 12:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Authentication Bypass in Waterfall WF‑500 Console WebUI |

Fri, 29 May 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user. |
| Weaknesses | | CWE-288 |
| References | | |
| Metrics | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-29T13:41:58.127Z

Reserved: 2025-04-16T09:53:41.254Z

Link: CVE-2025-41273

Vulnrichment

Updated: 2026-05-29T13:41:53.757Z

NVD

Status: Awaiting Analysis

Published: 2026-05-29T12:16:23.690

Modified: 2026-05-29T14:06:26.220

Link: CVE-2025-41273

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:46:57Z

Weaknesses