Description
Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.
Published: 2026-05-29
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read in the RX Host of the Waterfall WF‑500 allows an attacker controlling the TX Host to execute arbitrary code on the RX Host. The flaw is a classic CWE‑125 vulnerability that can be abused to compromise the integrity and confidentiality of the RX Host, potentially enabling full control over the device.

Affected Systems

The affected product is Nozomi Networks' Waterfall WF‑500. The vulnerability exists in the RX Host software version 7.10.0.0 R2601141040. No other versions are listed. Only the WF‑500 model is impacted; thus systems running older firmware or other Nozomi products remain unaffected unless they share the same code base.

Risk and Exploitability

The CVSS score of 7.5 indicates a high‑severity risk. EPSS data is not available, so the current exploitation probability is unknown. The vulnerability is not listed in CISA's KEV catalog, so no publicly known exploits have been reported. The attack vector is inferred to be local or network‑based access to the TX Host, which then exploits the RX Host via the out‑of‑bounds read to achieve remote code execution.

Generated by OpenCVE AI on May 29, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or upgrade the Waterfall WF‑500 RX Host to a firmware version that contains the out‑of‑bounds read fix. If no patch is available, contact Nozomi Networks for an update plan.
  • Limit network access to the TX Host so that only trusted administrators can communicate with the RX Host, reducing the attack surface.
  • Enable and monitor audit logs on both the TX and RX hosts for anomalies that could indicate exploitation attempts, and ensure that the hosts are isolated in accordance with the principle of least privilege.

Generated by OpenCVE AI on May 29, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Waterfall
Waterfall wf-500
Vendors & Products Waterfall
Waterfall wf-500

Fri, 29 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 12:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read Allowing Remote Code Execution via TX Host Access on Waterfall WF‑500

Fri, 29 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.
Weaknesses CWE-125
References
Metrics cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Waterfall Wf-500
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-29T13:39:01.031Z

Reserved: 2025-04-16T09:53:43.283Z

Link: CVE-2025-41278

cve-icon Vulnrichment

Updated: 2026-05-29T13:38:55.875Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T12:16:24.293

Modified: 2026-05-29T14:06:26.220

Link: CVE-2025-41278

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:46:50Z

Weaknesses