CVE-2025-46272: Planet Technology Network Products OS Command Injection

9.1 CVSS

Description

WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection
attack that could allow an unauthenticated attacker to execute OS
commands on the host system.

Classification

CVE ID: CVE-2025-46272

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem Types

CWE-78 OS Command Injection

Affected Products

Vendor: Planet Technology

Product: WGS-804HPT-V2, WGS-4215-8T2S

Exploit Prediction Scoring System (EPSS)

EPSS Score: 2.91% (probability of being exploited)

EPSS Percentile: 85.69% (scored less or equal to compared to others)

EPSS Date: 2025-05-23 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46272
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

Timeline

2025-04-25 00:40:19 UTC
CVE

Planet Technology Network Products OS Command Injection