The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding multiple severe vulnerabilities discovered in several Planet Technology networking products.
The flaws, detailed in alert ICSA-25-114-06, could allow remote attackers to take control of affected devices, manipulate sensitive data, and gain unauthorized administrative access.
What Products Are Affected?
CISA’s advisory lists the following devices and firmware versions as vulnerable:
.png
)
- UNI-NMS-Lite:Â Versions 1.0b211018 and prior
- NMS-500:Â All Versions
- NMS-1000V:Â All Versions
- WGS-804HPT-V2:Â Versions 2.305b250121 and prior
- WGS-4215-8T2S:Â Versions 1.305b241115 and prior
Security experts warn that attackers exploiting these vulnerabilities could read or alter device data, escalate privileges, or even create new admin accounts without authorization.
The vulnerabilities are classified as low in complexity, remotely exploitable, and critical, with CVSS v4 base scores reaching 9.3 out of 10.
Overview of Vulnerabilities
CISA identified five high-impact Common Vulnerabilities and Exposures (CVEs) across Planet Technology devices. The table below summarizes each flaw:
| CVE | Affected Products | Description | CVSS v4 Base Score |
| CVE-2025-46271 | UNI-NMS-Lite (≤1.0b211018) | Allows unauthenticated attacker to read/manipulate device data | 9.3 |
| CVE-2025-46272 | WGS-804HPT-V2, WGS-4215-8T2S | Allows unauthenticated attacker to execute OS commands on host system | 9.3 |
| CVE-2025-46273 | UNI-NMS-Lite (≤1.0b211018) | Enables attacker to gain admin privileges to all UNI-NMS managed devices | 9.3 |
| CVE-2025-46274 | UNI-NMS-Lite (≤1.0b211018) | Allows attacker to read, manipulate, and create database entries | 9.3 |
| CVE-2025-46275 | WGS-804HPT-V2, WGS-4215-8T2S | Enables attacker to create admin account without existing credentials | 9.3 |
CISA recommends all users and administrators of the affected Planet Technology products to review the advisory and apply patches or mitigation measures as soon as possible. Immediate steps should include:
- Updating firmware to the latest secure versions when available
- Disabling unnecessary network access and limiting device exposure
- Monitoring network activity for signs of exploitation
Planet Technology customers are urged to stay alert for vendor updates and to follow best security practices to mitigate the risks.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
