Waterfall WF-500 vulnerabilities
17 known vulnerabilities affecting waterfall/wf-500.
Total CVEs: 17
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 8
Vulnerabilities
CVE-2025-41277 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
nvd
CVE-2025-41270 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
nvd
CVE-2025-41275 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
nvd
CVE-2025-41272 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
nvd
CVE-2025-41274 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
nvd
CVE-2025-41269 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
nvd
CVE-2025-41276 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
nvd
CVE-2025-41273 | P2 | CRITICAL | CVSS 9.8 | CWE-288 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user.
nvd
CVE-2025-41268 | P2 | CRITICAL | CVSS 9.1 | CWE-23 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.
nvd
CVE-2025-41271 | P3 | HIGH | CVSS 7.5 | CWE-23 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.
nvd
CVE-2025-41266 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.
nvd
CVE-2025-41265 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.
nvd
CVE-2025-41267 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.
nvd
CVE-2025-41279 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 RX Host.
nvd
CVE-2025-41281 | P3 | HIGH | CVSS 7.8 | CWE-78 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured.
nvd
CVE-2025-41280 | P3 | HIGH | CVSS 7.8 | CWE-23 | ≤ 7.9.1.0 R2502171040 | 2026-05-29
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled.
nvd
CVE-2025-41278 | P3 | HIGH | CVSS 7.8 | CWE-125 | ≤ 7.10.0.0 R2601141040 | 2026-05-29
Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.
nvd