CVE-2025-48826

HIGH

Planet WGR-500 <1.3411b190912 - Memory Corruption

Title source: llm

Description

A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability.

References (2)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2228

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2228

Scores

CVSS v3 8.8

EPSS 0.0007

EPSS Percentile 21.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-134

Status published

Affected Products (1)

planet/wgr-500_firmware

Timeline

Published Oct 07, 2025

Tracked Since Feb 18, 2026