Description
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Published: 2026-05-29
Score: 9.3 Critical
EPSS: 1.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Nozomi Networks Labs identified an OS Command Injection flaw in the Console WebUI of Waterfall WF-500 TX and RX Hosts. The vulnerability, classified as CWE-78, permits remote unauthenticated attackers to inject and execute arbitrary operating system commands. With the ability to run any command at the device’s privilege level, an attacker could fully compromise the device, gaining full confidentiality, integrity, and availability control.

Affected Systems

The affected product is Waterfall:WF-500, specifically the TX and RX Hosts running firmware version 7.9.1.0 R2502171040. No other vendor or product variants are listed as vulnerable in this advisory.

Risk and Exploitability

The CVSS score of 9.3 marks this as a critical vulnerability, with no mitigation information provided in the advisory and the EPSS score of 1%. The attack vector is remote and unauthenticated, likely via the web-based console interface, allowing exploitation without needing credentials. The vulnerability’s impact enables arbitrary command execution, rendering it a severe risk to all devices running the affected firmware.

Generated by OpenCVE AI on May 29, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to a version that contains the OS command injection fix, as provided by Waterfall or Nozomi Networks.
  • Disable or restrict the Console WebUI so that only trusted internal IP addresses can reach it, for example by configuring firewall rules or VPN access.
  • Apply network segmentation and isolate affected devices from untrusted networks to limit the blast radius of a potential compromise.

Generated by OpenCVE AI on May 29, 2026 at 15:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Waterfall
Waterfall wf-500
Vendors & Products Waterfall
Waterfall wf-500

Fri, 29 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title OS Command Injection Allowing Remote Code Execution on Waterfall WF-500

Fri, 29 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Waterfall Wf-500
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-29T13:39:31.000Z

Reserved: 2025-04-16T09:53:43.283Z

Link: CVE-2025-41277

cve-icon Vulnrichment

Updated: 2026-05-29T13:39:26.603Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T12:16:24.167

Modified: 2026-05-29T14:06:26.220

Link: CVE-2025-41277

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:46:51Z

Weaknesses