NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2025-41266

Summary	Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.
Publication Date	May 29, 2026, 9:16 p.m.
Registration Date	May 30, 2026, 4:14 a.m.
Last Update	May 29, 2026, 11:06 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41266	prodsec@nozominetworks.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-78	OSコマンド・インジェクション	https://cwe.mitre.org/data/definitions/78.html