CVE-2025-46272 CRITICAL

CVE-2025-46272: Planet Technology Network Products OS Command Injection

Vendor Planet Technology

Product WGS-804HPT-V2

Weakness CWE-78

Published April 24, 2025

Last update April 25, 2025

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system.

Key dates

02Disclosure timeline

April 24, 2025 CVE published

April 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-46272 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2025-46272

CWE CWE-78

CVSS 9.1 / CRITICAL

Affected versions

Vendor Planet Technology

Product WGS-804HPT-V2

Affected ≤ 2.305b250121

Vendor Planet Technology

Product WGS-4215-8T2S

Affected ≤ 1.305b241115

CVE-2025-46272: Planet Technology Network Products OS Command Injection

01Description

02Disclosure timeline

03References

04Related CVE