Waterfall-security Wf-500 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Waterfall-security Wf-500 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2025-41273 — CVSS 9.8 (critical): Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall…
CVE-2025-41277 — CVSS 9.8 (critical): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41276 — CVSS 9.8 (critical): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41274 — CVSS 9.8 (critical): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41269 — CVSS 9.8 (critical): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41270 — CVSS 9.8 (critical): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41275 — CVSS 9.8 (critical): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41272 — CVSS 9.8 (critical): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41268 — CVSS 9.1 (critical): Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in…
CVE-2025-41281 — CVSS 7.8 (high): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in…
CVE-2025-41278 — CVSS 7.8 (high): Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows…
CVE-2025-41280 — CVSS 7.8 (high): Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040…
CVE-2025-41271 — CVSS 7.5 (high): Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version…
CVE-2025-41266 — CVSS 7.2 (high): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41265 — CVSS 7.2 (high): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41279 — CVSS 7.2 (high): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…
CVE-2025-41267 — CVSS 7.2 (high): Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the…