CVE-2025-54400
Published 2025-10-07
Priority: P3 59 · Severity: high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.68% (47.7th percentile)
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This buffer overflow is related to the `counts` request parameter for composing the `"ping -c 2>&1 > %s &"` string.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| planet | wgr-500 | — | — |
| planet | wgr-500_firmware | — | — |
Suricata
ET WEB_SPECIFIC_APPS Planet formPingCmd Multiple Parameters Buffer Overflow Attempt (CVE-2025-54399, CVE-2025-54400, CVE-2025-54401, CVE-2025-54402)
suricata·2025-10-16·CVSS 8.8
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Planet formPingCmd Multiple Parameters Buffer Overflow Attempt (CVE-2025-54399, CVE-2025-54400, CVE-2025-54401, CVE-2025-54402)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:19; content:"/boafrm/formPingCmd"; fast_pattern; http.request_body; pcre:"/(?:ipaddr|counts|submit-url)\x3d[^&]{100,}(?:&|$)/"; reference:cve,2025-54400; reference:cve,2025-54401; reference:cve,2025-54402; reference:url,talosintelligence.com/vulnerability_reports/TALOS-2025-2226; reference:cve,2025-54399; classtype:web-application-attack; sid:2065219; rev:1; metadata:affected
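For retrospective triage of captured or proxy-logged requests where Suricata was not inline, the rule's three conditions can be approximated offline. The following is an added example, not part of the rule or of the vendor's or Talos's material; the sample requests, the /ping.htm value and the /other path are constructed for illustration.

```python
import re

# Conditions transcribed from the rule text above (sid 2065219).
RULE_URI = "/boafrm/formPingCmd"  # bsize:19 requires the URI buffer to be exactly this
RULE_BODY = re.compile(rb"(?:ipaddr|counts|submit-url)\x3d[^&]{100,}(?:&|$)")
PARAM = re.compile(rb"(?:^|&)([^=&]+)=([^&]*)")


def rule_matches(method: str, uri: str, body: bytes) -> bool:
    """True when a request meets the rule's method, URI and body conditions."""
    return "POST" in method and uri == RULE_URI and RULE_BODY.search(body) is not None


def long_params(body: bytes, threshold: int = 100) -> dict:
    """Raw (undecoded) value length of each body parameter at or over the threshold."""
    return {m.group(1).decode("latin-1"): len(m.group(2))
            for m in PARAM.finditer(body) if len(m.group(2)) >= threshold}


# Constructed sample requests: (method, uri, body).
SAMPLES = [
    # Ordinary ping form submission with short values.
    ("POST", RULE_URI, b"ipaddr=192.0.2.1&counts=4&submit-url=%2Fping.htm"),
    # Overlong `counts` value followed by another parameter ("&" branch).
    ("POST", RULE_URI, b"ipaddr=192.0.2.1&counts=" + b"1" * 120 + b"&submit-url=%2Fping.htm"),
    # Overlong `counts` value at the very end of the body ("$" branch).
    ("POST", RULE_URI, b"ipaddr=192.0.2.1&counts=" + b"1" * 120),
    # Same body sent to a different (constructed) path: outside the rule's scope.
    ("POST", "/other", b"counts=" + b"1" * 120),
]


def triage(samples) -> list:
    """Indices of the samples that the transcribed rule conditions flag."""
    return [i for i, (m, u, b) in enumerate(samples) if rule_matches(m, u, b)]


if __name__ == "__main__":
    for i in triage(SAMPLES):
        method, uri, body = SAMPLES[i]
        print(f"sample {i}: {method} {uri} oversized={long_params(body)}")
```

The lengths reported by long_params are measured on the raw body, as the rule's pcre does, so percent-encoded values count at their encoded length.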
No public exploits indexed.
No writeups or analysis indexed.