PLANET ICG-2510WG-LTE (EU/US) / ICG-2510W-LTE (EU/US)
CVE
Summary
PLANET Technology has identified and addressed multiple security vulnerabilities in the industrial cellular gateways ICG-2510WG-LTE and ICG-2510G-LTE. The issues include missing authentication mechanisms and OS command injection flaws. Exploitation may allow attackers to gain unauthorized access, escalate privileges, or execute arbitrary code remotely.
Patched firmware has been fully verified and released. The updates are now available for download from the PLANET official website. All users are strongly recommended to upgrade immediately.
What Are the Risks Associated with This Vulnerability?
- CVE-2025-9971 (Missing Authentication / CWE-306): May allow unauthorized access to system functions and privilege escalation.
- CVE-2025-9972 (OS Command Injection / CWE-78): May allow remote attackers to inject commands and execute arbitrary code.
Which Versions Are Affected and What Should You Do?
After a comprehensive investigation, we have identified the impacted product versions and released updated firmware to mitigate this vulnerability.
The affected products and available patches are listed in the table below:
How to Get Assistance
If you have any questions or require assistance, please contact PLANET's technical support team or reach out to your PLANET distributor. We are here to provide additional guidance and support.
Acknowledgment
We would like to express our appreciation to TWCERT/CC (Taiwan National Computer Emergency Response Team/Coordination Center) for reporting this issue.
Revision History
[2025-09-08]: Initial Version
