These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A critical OS command injection vulnerability (CWE-78) in Waterfall WF-500 TX and RX Hosts allows remote unauthenticated attackers to execute arbitrary operating system commands via the Console WebUI. The vulnerability affects firmware version 7.9.1.0 R2502171040 and was disclosed by Nozomi Networks Labs. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges require [truncated]
A critical authentication bypass vulnerability exists in the Console WebUI of Waterfall WF-500 TX and RX Hosts running firmware version 7.9.1.0 R2502171040. Nozomi Networks Labs identified this flaw as CWE-288: Authentication Bypass Using an Alternate Path or Channel. Remote unauthenticated attackers can exploit this weakness to bypass authentication entirely and perform actions as an authenticated user o [truncated]
A critical OS command injection vulnerability in Waterfall WF-500 TX/RX Hosts allows remote unauthenticated attackers to execute arbitrary operating system commands via the Console WebUI. The vulnerability, identified by Nozomi Networks Labs as CWE-78, affects firmware version 7.9.1.0 R2502171040 and earlier. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges req [truncated]
A path traversal vulnerability in Waterfall WF-500 TX/RX Hosts allows remote unauthenticated attackers to read arbitrary files via the Console WebUI. The flaw, identified as CWE-23 (Relative Path Traversal), affects firmware version 7.9.1.0 R2502171040 and was disclosed by Nozomi Networks Labs. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, and high [truncated]
A critical OS command injection vulnerability (CWE-78) in Waterfall WF-500 TX and RX Hosts allows remote unauthenticated attackers to execute arbitrary operating system commands via the Console WebUI. The vulnerability affects firmware version 7.9.1.0 R2502171040 and was disclosed by Nozomi Networks Labs. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges require [truncated]
A critical OS command injection vulnerability in Waterfall WF-500 TX/RX Hosts allows remote unauthenticated attackers to execute arbitrary operating system commands via the Console WebUI. The flaw, identified by Nozomi Networks Labs as CWE-78, affects firmware version 7.9.1.0 R2502171040 and earlier. The vulnerability carries a CVSS 4.0 score of 9.3 (Critical) with network attack vector, low attack comple [truncated]
A relative path traversal vulnerability (CWE-23) in the Administration WebUI of Waterfall WF-500 TX and RX Hosts allows remote unauthenticated attackers to delete arbitrary files on affected systems. The vulnerability exists in firmware version 7.9.1.0 R2502171040 and was identified by Nozomi Networks Labs. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges requi [truncated]
A high-severity OS command injection vulnerability (CWE-78) exists in the Administration WebUI of the Waterfall WF-500 TX Host, affecting firmware version 7.9.1.0 R2502171040. The flaw was identified by Nozomi Networks Labs and published on 2026-05-29, with the NVD record subsequently modified on 2026-06-01. The vulnerability allows remote authenticated attackers to execute arbitrary operating system comm [truncated]
A high-severity OS command injection vulnerability exists in the Administration WebUI of the Waterfall WF-500 TX Host, affecting firmware version 7.9.1.0 R2502171040 and earlier. Nozomi Networks Labs identified this flaw as CWE-78, where special elements are improperly neutralized in an OS command. A remote attacker with administrative authentication can exploit this weakness to execute arbitrary operatin [truncated]
A remote OS command injection vulnerability (CWE-78) exists in the Administration WebUI of the Waterfall WF-500 TX Host, affecting firmware version 7.9.1.0 R2502171040 and earlier. Discovered by Nozomi Networks Labs and published on 2026-05-29, this flaw allows remote authenticated attackers with administrative privileges to execute arbitrary operating system commands on the affected host. The CVSS 4.0 ve [truncated]
