CVE-2025-48826 PUBLISHED

Assigner: talos
Reserved: 21.07.2025 Published: 07.10.2025 Updated: 07.10.2025

A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Planet
Product	WGR-500
Versions	Version v1.3411b190912 is affected

Credits

Discovered by Francesco Benvenuto of Cisco Talos.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2228

Problem Types

CWE-134: Use of Externally-Controlled Format String CWE