Critical severity9.8NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026
CVE-2025-41273
CVE-2025-41273
Description
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user.
Affected products
2- cpe:2.3:o:waterfall-security:wf-500_firmware:*:*:*:*:*:*:*:*Range: <=7.9.1.0_r2502171040
- Range: 7.9.1.0 R2502171040
Patches
Vulnerability mechanics
References
1- www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41273nvdVendor Advisory
News mentions
0No linked articles in our index yet.