OS Command Injection Vulnerability in N-Reporter, N-Cloud, and N-Probe by N-Partner
CVE-2025-9972

9.3CRITICAL

Key Information:

Vendor

Planet Technology

Status
Icg-2510wg-lte (eu/us)
Icg-2510w-lte (eu/us)
Vendor
CVE Published:
17 September 2025

What is CVE-2025-9972?

N-Reporter, N-Cloud, and N-Probe developed by N-Partner are susceptible to an OS Command Injection vulnerability. This flaw allows authenticated remote attackers to inject arbitrary operating system commands, enabling them to execute harmful commands on the server. This could potentially compromise server integrity and data security, highlighting the necessity for immediate patching and vigilance.

Affected Version(s)

ICG-2510W-LTE (EU/US) 0 <= 1.0_20240411

ICG-2510WG-LTE (EU/US) 0 <= 1.0-20240918

References

https://www.twcert.org.tw/tw/cp-132-10389-265a3-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-10390-7ce12-2.html
third-party-advisory
https://www.planet.com.tw/en/support/security-advisory/8
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.