Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202509-00000013)
[Description]
[PLANET Technology Corporation | Industrial Mobile Communications Gateway - Missing Authentication] (CVE-2025-9971, CVSS: 9.8) An unauthenticated remote attacker can exploit specific functions to manipulate the device.
[PLANET Technology Corporation | Industrial Mobile Communications Gateway - OS Command Injection] (CVE-2025-9972, CVSS: 9.8) An unauthenticated remote attacker can inject arbitrary operating system commands and execute them on the device.
[Affected Platforms]
● ICG-2510WG-LTE (EU/US) Versions 1.0-20240918 and earlier
● ICG-2510W-LTE (EU/US) Versions 1.0_20240411 and earlier
[Recommended Actions]
● Update ICG-2510WG-LTE (EU/US) to Versions 1.0_20250811 and later
● Update ICG-2510W-LTE (EU/US) to Versions 1.0_20250811 and later
[References]
1. PLANET Technology Corporation | Industrial Mobile Communications Gateway - 2 Vulnerabilities: https://www.twcert.org.tw/tw/cp-132-10389-265a3-1.html
[Security Vulnerability Alert] [TLP CLEAR] PLANET Technology Corporation | Industrial Mobile Communications Gateway - 2 Vulnerabilities
Type:行政公告
Pubish Date:2025/09/25 至 2026/03/25
Visitors:33
相關附件
返回列表
