CVE-2025-54403 is an OS command injection vulnerability identified in the Planet WGR-500 router, version v1.3411b190912. The flaw resides in the swctrl functionality, where the 'new_password' request parameter is improperly sanitized, allowing an attacker to inject arbitrary OS commands. This vulnerability is triggered by sending a specially crafted network request to the device, which does not require user interaction but does require low-level privileges (PR:L). The vulnerability is classified under CWE-78, indicating improper neutralization of special elements used in OS commands. The CVSS 3.1 base score of 8.8 reflects its critical impact on confidentiality, integrity, and availability, as arbitrary command execution can lead to full device compromise, data leakage, or denial of service. Although no known exploits are currently in the wild, the vulnerability's network accessibility and low attack complexity make it a significant risk. The lack of available patches at the time of publication increases exposure. The vulnerability affects a specific firmware version, so organizations running this version are at risk. Attackers could leverage this flaw to pivot within networks, disrupt operations, or exfiltrate sensitive information. The vulnerability's presence in networking equipment used in enterprise and industrial environments amplifies its potential impact.

For European organizations, the impact of CVE-2025-54403 can be severe. Compromise of Planet WGR-500 routers could lead to unauthorized network access, interception or manipulation of traffic, and disruption of critical network services. This can affect confidentiality by exposing sensitive data traversing the device, integrity by allowing attackers to alter configurations or data, and availability by causing device crashes or network outages. Organizations relying on these routers for perimeter defense, VPN termination, or internal segmentation could see significant operational disruption. Critical infrastructure sectors such as energy, manufacturing, and telecommunications that use Planet devices may face heightened risks, including potential cascading effects on dependent systems. The vulnerability’s exploitation could facilitate lateral movement within networks, enabling attackers to escalate privileges or deploy ransomware. Given the router’s role in network connectivity, exploitation could also impact remote work capabilities and business continuity. The absence of known exploits currently provides a window for proactive mitigation, but the high severity score underscores the urgency of addressing this vulnerability.

1. Immediately identify and inventory all Planet WGR-500 devices running firmware version v1.3411b190912 within the network. 2. Restrict access to the management interfaces of these devices to trusted IP addresses only, ideally via VPN or secure management networks. 3. Implement network segmentation to isolate vulnerable devices from critical systems and sensitive data flows. 4. Monitor network traffic for anomalous or suspicious requests targeting the swctrl functionality, especially those containing the 'new_password' parameter. 5. Apply any available firmware updates or patches from Planet as soon as they are released; if no patch is available, consider temporary device replacement or disabling vulnerable services. 6. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics tuned to detect command injection attempts. 7. Enforce strong authentication and authorization controls to limit privileges required to access vulnerable functionality. 8. Conduct regular security assessments and penetration tests focusing on network devices to detect exploitation attempts. 9. Maintain up-to-date backups of device configurations to enable rapid recovery if compromise occurs. 10. Engage with Planet support channels to receive timely updates and guidance on vulnerability remediation.