CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system...

high 7.2 CVSS 3.1

Published: May 29, 2026

Modified: Jun 1, 2026

Description

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41265

Related CVEs

CVSS Breakdown

Version	3.1
Score	7.2 / 10
Severity	high

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-78

Affected Product

Vendor	Waterfall-Security
Product	Wf-500 Firmware