CVE-2025-54403: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Planet WGR-500
CVE-2025-54403 is a high-severity OS command injection vulnerability in the Planet WGR-500 router firmware version v1.3411b190912. It arises from improper neutralization of special elements in the 'new_password' parameter within the swctrl functionality, allowing remote attackers with low privileges to execute arbitrary OS commands without user interaction. Exploitation requires sending a specially crafted network request, potentially compromising confidentiality, integrity, and availability of affected devices. No public exploits are known yet, but the vulnerability's high CVSS score (8.8) indicates significant risk. European organizations using this router model could face critical impacts, especially in sectors relying on network infrastructure security. Mitigation involves applying vendor patches once available, restricting network access to management interfaces, and monitoring for suspicious command execution attempts. Countries with higher deployment of Planet WGR-500 devices and strategic network infrastructure reliance, such as Germany, France, and the UK, are most at risk. Immediate attention is recommended to prevent exploitation and lateral movement within networks.
AI Analysis
Technical Summary
CVE-2025-54403 is an OS command injection vulnerability identified in the Planet WGR-500 router firmware version v1.3411b190912. The flaw exists in the swctrl functionality, specifically related to the 'new_password' request parameter, where improper neutralization of special characters allows an attacker to inject arbitrary OS commands. This vulnerability can be triggered remotely by sending a specially crafted network request, requiring only low privileges (PR:L) and no user interaction (UI:N). The CVSS 3.1 score of 8.8 reflects high impact on confidentiality, integrity, and availability, as successful exploitation could lead to full system compromise, data exfiltration, or denial of service. The vulnerability stems from CWE-78, indicating failure to sanitize input before passing it to OS command execution functions. Although no public exploits are currently known, the ease of exploitation and critical impact make this a significant threat. The affected product, Planet WGR-500, is a network router used in various organizational environments, making this vulnerability a vector for attackers to gain control over network infrastructure devices. The lack of available patches at the time of publication increases the urgency for interim mitigations.
Potential Impact
For European organizations, exploitation of CVE-2025-54403 could lead to severe consequences including unauthorized remote control of network routers, interception or manipulation of network traffic, and disruption of network services. This can compromise sensitive data confidentiality, integrity of communications, and availability of critical network infrastructure. Organizations relying on Planet WGR-500 devices for internal or perimeter networking are at risk of lateral movement by attackers, potentially escalating to broader network compromise. Critical sectors such as finance, government, telecommunications, and healthcare could face operational disruptions and data breaches. The vulnerability’s remote exploitability without user interaction increases the risk of automated attacks and worm-like propagation within vulnerable networks. Additionally, the absence of known exploits currently provides a window for proactive defense, but also means attackers may develop exploits rapidly given the high severity and straightforward attack vector.
Mitigation Recommendations
1. Immediately restrict access to the swctrl management interface by implementing network segmentation and firewall rules to limit access to trusted IP addresses only.
2. Disable remote management features on the Planet WGR-500 routers if not strictly necessary.
3. Monitor network traffic for anomalous requests targeting the 'new_password' parameter or unusual command execution patterns on the device.
4. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect command injection attempts.
5. Regularly audit device configurations and logs for signs of compromise or unauthorized changes.
6. Coordinate with Planet for timely receipt and deployment of official firmware patches addressing this vulnerability.
7. Where possible, replace affected devices with models from vendors with robust security update practices.
8. Educate network administrators on the risks of command injection and the importance of secure device management.
9. Implement multi-factor authentication and strong password policies to reduce the risk of privilege escalation that could facilitate exploitation.
10. Prepare incident response plans specific to network device compromise scenarios.
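The CWE-78 pattern behind the Technical Summary, and the parameter check that mitigation step 3 relies on, are easier to reason about with code in front of you. The block below is an added illustration written for this page; it is not the WGR-500 firmware's code, and the handler shape, the `swctrl set-password` command line, the helper path and the sample parameter values are all assumptions. It shows the vulnerable construction (the parameter pasted into a shell command string), the hardened construction (the parameter becomes a single argv element and is never seen by a shell), a length-bounded allowlist check, and a metacharacter scan that a log-monitoring rule for the 'new_password' parameter could reuse.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Characters that carry meaning to /bin/sh. Used for detection (which byte
 * of a request value would change what the shell runs) and, inverted, for
 * the allowlist below. */
static const char SHELL_META[] = ";|&`$()<>{}[]*?!~\"'\\\n\r\t ";

/* Returns the index of the first shell metacharacter in s, or -1 if none.
 * Suitable for flagging suspicious 'new_password' values in request logs. */
int first_shell_metachar(const char *s) {
    for (size_t i = 0; s[i] != '\0'; i++)
        if (strchr(SHELL_META, s[i]) != NULL) return (int)i;
    return -1;
}

/* VULNERABLE pattern (constructed, CWE-78): the untrusted value is
 * interpolated into a command line that a real handler would then pass to
 * system(). Whatever metacharacters the value contains are interpreted by
 * the shell, so the caller can append further commands. */
int build_passwd_cmd_vulnerable(char *out, size_t outsz, const char *new_password) {
    int n = snprintf(out, outsz, "swctrl set-password %s", new_password);
    return (n > 0 && (size_t)n < outsz) ? 0 : -1;
}

/* Allowlist check: bounded length, alphanumerics plus a few safe symbols.
 * Rejecting early means no unexpected bytes ever reach the helper. */
int password_param_is_allowed(const char *s) {
    size_t len = strlen(s);
    if (len < 8 || len > 64) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && strchr("._-@+=", c) == NULL) return 0;
    }
    return 1;
}

/* HARDENED pattern: validate, then build an argv array. The value is one
 * argument handed straight to execv(); no shell parses it, so ';' or '|'
 * is just a byte in a password. 'helper' is an assumed path. */
int build_passwd_argv_safe(const char *helper, const char *new_password,
                           const char *argv_out[4]) {
    if (!password_param_is_allowed(new_password)) return -1;
    argv_out[0] = helper;
    argv_out[1] = "set-password";
    argv_out[2] = new_password;
    argv_out[3] = NULL;
    return 0;
}

/* Runs argv directly (fork + execv), never via system() or popen().
 * Returns the child's exit status, or -1 on failure. */
int run_without_shell(const char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127);  /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample values; /bin/echo stands in for the real helper. */
    const char *samples[] = { "hunter2-ok", "hunter2;echo injected" };
    const char *argv[4];
    char cmd[128];
    for (size_t i = 0; i < 2; i++) {
        build_passwd_cmd_vulnerable(cmd, sizeof cmd, samples[i]);
        printf("shell would see: %s  (metachar at %d)\n", cmd,
               first_shell_metachar(samples[i]));
        if (build_passwd_argv_safe("/bin/echo", samples[i], argv) == 0)
            printf("safe argv[2]: %s -> exit %d\n", argv[2], run_without_shell(argv));
        else
            printf("rejected: %s\n", samples[i]);
    }
    return 0;
}
```

The point of the hardened path is that safety does not depend on escaping: even if the allowlist were relaxed to admit more punctuation, the argv construction still gives the shell nothing to interpret. The allowlist and `first_shell_metachar` remain useful on the monitoring side, where a request with a metacharacter in 'new_password' is worth an alert regardless of whether the device is already patched.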
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: talos
- Date Reserved: 2025-07-21T21:20:00.389Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e52784a677756fc992c20a
Added to database: 10/7/2025, 2:45:24 PM
Last enriched: 10/7/2025, 3:01:06 PM
Last updated: 10/7/2025, 5:07:56 PM