CVE-2025-41277 | Waterfall WF-500 up to 7.9.1.0 R2502171040 Console WebUI os command injection

A critical OS command injection (CVE-2025-41277) was identified in the Console WebUI of Waterfall WF-500 devices up to version 7.9.1.0 (R2502171040), allowing remote unauthenticated attackers to execute arbitrary operating system commands; the issue is rated highly severe (VulDB/CVSS 9.8), was disclosed by Nozomi Networks Labs, and currently has no public exploit though exploitability is described as easy.