By vendor
Waterfall-Security vulnerabilities
Known CVEs affecting Waterfall-Security products, prioritized by severity, with SEC.co remediation and detection guidance.
8 published vulnerabilities
- CVE-2025-41278HIGH 7.8
A memory read vulnerability exists in Waterfall Security's WF-500 RX Host (version 7.10.0.0 R2601141040) that allows an attacker with access to the TX Host to execute arbitrary code. The flaw stems from improper memory access controls, enabling an authenticated insider to move laterally within the Waterfall appliance and gain control of the receive-side components. This is a serious concern for organizations using Waterfall's unidirectional security gateways, as it undermines the trust boundary between the TX and RX sides of the architecture.
- CVE-2025-41280HIGH 7.8
Waterfall Security's WF-500 RX Host contains a path traversal vulnerability (Zip Slip) that allows attackers who have already gained access to the TX Host to execute arbitrary code on the RX Host, provided MySQL connector functionality is configured and file compression is enabled. The vulnerability stems from improper handling of file paths during decompression operations, enabling attackers to write files outside their intended directory. This is a privilege escalation concern within an already-compromised environment rather than an initial access vector.
- CVE-2025-41281HIGH 7.8
Nozomi Networks Labs discovered a code execution vulnerability in Waterfall's WF-500 RX Host that allows attackers already inside a network to run arbitrary commands. The vulnerability is triggered when a MySQL connector is configured and an attacker with access to the connected TX Host sends malicious input. This is a local privilege escalation scenario where internal network access is the prerequisite for exploitation.
- CVE-2025-41271HIGH 7.5
A path traversal vulnerability exists in the Waterfall WF-500 Console WebUI that allows attackers to read sensitive files from affected devices without requiring authentication. The flaw stems from improper handling of relative file paths, enabling an attacker to navigate outside intended directories and access arbitrary files on the system. This is a remote attack requiring only network access—no user interaction or special privileges needed.
- CVE-2025-41265HIGH 7.2
Waterfall Security's WF-500 TX Host contains a command injection flaw in its web-based administration interface. An attacker with valid administrative credentials can inject malicious operating system commands through the web UI, leading to arbitrary command execution on the device itself. This is a post-authentication attack—the attacker must already have admin-level access—but once inside, they can run any OS-level commands the host permits.
- CVE-2025-41266HIGH 7.2
A command injection vulnerability exists in the Waterfall WF-500 TX Host administration interface that allows authenticated users with elevated privileges to execute arbitrary system commands. An attacker who has already gained administrative access can leverage this flaw to run operating system-level commands, potentially compromising the entire appliance. The vulnerability affects version 7.9.1.0 R2502171040 and requires the attacker to be authenticated and have high-level privileges, reducing but not eliminating the risk in environments where admin credential exposure is a concern.
- CVE-2025-41267HIGH 7.2
A command injection vulnerability exists in the Waterfall WF-500 TX Host administration web interface that allows authenticated administrators to execute arbitrary operating system commands. An attacker with administrative credentials can craft malicious input through the WebUI to bypass command sanitization and gain direct OS-level access to the device. This is a post-authentication attack requiring valid admin credentials, but once exploited, provides complete system compromise.
- CVE-2025-41279HIGH 7.2
Nozomi Networks Labs discovered a command injection vulnerability in Waterfall's WF-500 RX Host administration interface. An authenticated attacker with administrative privileges can inject operating system commands through the web UI, leading to arbitrary code execution on the affected device. This is a serious risk for organizations using this industrial security appliance, as the attacker would gain full control of the host system.