CVE-2025-54402 PUBLISHED

Assigner: talos
Reserved: 21.07.2025 Published: 07.10.2025 Updated: 07.10.2025

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This buffer overflow is related to the submit-url and ipaddr request parameters combined.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Planet
Product	WGR-500
Versions	Version v1.3411b190912 is affected

Credits

Discovered by Francesco Benvenuto of Cisco Talos.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2226

Problem Types

CWE-121: Stack-based Buffer Overflow CWE