CVE-2025-41276 | Waterfall WF-500 up to 7.9.1.0 R2502171040 Console WebUI os command injection

A critical remote, unauthenticated OS command injection (CVE-2025-41276) affecting the Console WebUI of Waterfall WF-500 (version up to 7.9.1.0 R2502171040) was disclosed. The flaw is rated CVSS 9.8 and can impact confidentiality, integrity, and availability; no public exploit is available yet and no mitigation is provided in the advisory.