Command Injection Vulnerability in UNI-NMS-Lite by UNI
CVE-2025-46271
Key Information:
- Vendor
Planet Technology
- Vendor
- CVE Published:
- 24 April 2025
Badges
What is CVE-2025-46271?
UNI-NMS-Lite, a network management system from UNI, is susceptible to a command injection vulnerability. This issue allows unauthenticated attackers to execute arbitrary commands, posing a risk of unauthorized access and manipulation of sensitive device data. Proper security measures and timely updates are essential to mitigate this risk and protect network integrity.
Affected Version(s)
NMS-1000V All versions
NMS-500 All versions
UNI-NMS-Lite 0 <= 1.0b211018
News Articles
Cyber Security Agency of SingaporeMultiple Critical Vulnerabilities in Planet Technology Industrial Networking Products
Planet Technology has released security updates addressing multiple critical vulnerabilities affecting their Industrial Networking products. Users and...
Cyber PressCVE-2025-46271CISA Issues Warning Over Planet Technology Network Product Flaws
The flaws, if left unpatched, could allow remote attackers to take full control of affected devices, manipulate sensitive data.
HackreadPlanet Technology Industrial Switch Flaws Risk Full Takeover - Patch Now
Immersive have discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.
References
CVSS V4
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by Hackread
Vulnerability published
Vulnerability Reserved