Description
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured.
Published: 2026-05-29
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an OS Command Injection flaw (CWE‑78) in the Waterfall WF‑500 RX Host. An attacker who can interact with the TX Host and has a MySQL connector configured can cause arbitrary command execution on the RX Host. Successful exploitation would give the attacker full control over the RX Host, enabling data exfiltration, lateral movement, or further compromise of the Nozomi Networks environment. The flaw stems from unsanitized user input being passed to system command execution.

Affected Systems

Waterfall WF‑500 RX Host version 7.9.1.0 R2502171040 from the vendor Nozomi Networks. No other versions or products are currently known to be impacted.

Risk and Exploitability

The CVSS score of 7.5 indicates significant severity. EPSS information is unavailable, so the probability of exploitation is not quantified, and the CVE is not listed in the CISA KEV catalog. The flaw can be leveraged by an attacker who has access to the TX Host and can configure or manipulate the MySQL connector. Because the injection occurs at command‑line level, exploitation is straightforward once the attack vector is achieved.

Generated by OpenCVE AI on May 29, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WF‑500 firmware to the latest version that removes the command injection flaw.
  • If an immediate firmware upgrade is not possible, disable or remove the MySQL connector from the RX Host configuration.
  • Restrict network access to the TX Host so that only trusted devices can communicate with the RX Host.

Generated by OpenCVE AI on May 29, 2026 at 12:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Waterfall
Waterfall wf-500
Vendors & Products Waterfall
Waterfall wf-500

Fri, 29 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 12:45:00 +0000

Type Values Removed Values Added
Title OS Command Injection in Nozomi Networks Waterfall WF-500 RX Host Enables Remote Code Execution

Fri, 29 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured.
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Waterfall Wf-500
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-29T13:36:44.165Z

Reserved: 2025-04-16T09:53:43.284Z

Link: CVE-2025-41281

cve-icon Vulnrichment

Updated: 2026-05-29T13:36:40.719Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T12:16:24.670

Modified: 2026-05-29T14:06:47.240

Link: CVE-2025-41281

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:46:46Z

Weaknesses