Security Advisory for Vulnerabilities in PLANET WGS-804HPT (V2) and WGS-4215-8P2S - Security Advisory

CVE

CVE-2025-46272 , CVE-2025-46275

Summary

Two critical vulnerabilities have been identified in PLANET WGS-804HPT (V2) and WGS-4215-8P2S managed switches. These vulnerabilities include a command injection flaw and a missing authentication mechanism for critical functions. PLANET has released updated firmware to address these security issues and recommends all users upgrade immediately.

What Are the Risks Associated with This Vulnerability?

Remote Code Execution: Attackers may exploit OS command injection to execute arbitrary commands with system-level privileges (CVE-2025-46272).
Privilege Escalation and Unauthorized Access: Due to missing authentication, attackers can create privileged accounts without needing valid login credentials (CVE-2025-46275).

Which Versions Are Affected and What Should You Do?

After a comprehensive investigation, we have identified the impacted product versions and released updated firmware to mitigate this vulnerability. The affected products and available patches are listed in the table below:

Product Series	Affected Version	Patch Availability
WGS-804HPT (V2)	Versions 2.305b250121 and prior	v2.305b250328
WGS-4215-8P2S	Versions 1.305b241115 and prior	v1.120b250328

How to Get Assistance

If you have any questions or require assistance, please contact PLANET's technical support team or reach out to your PLANET distributor. We are here to provide additional guidance and support.

Acknowledgment

We would like to express our appreciation to These vulnerabilities were reported by Immersive Labs. for reporting this issue.

Revision History

[2025-04-25]: Initial Version