[Vulnerability Alert] [TLP CLEAR] PLANET Technology | Industrial Mobile Communication Gateway - 2 Vulnerabilities

• Subject: [Vulnerability Alert] [TLP CLEAR] PLANET Technology | Industrial Mobile Communication Gateway - 2 Vulnerabilities

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000013
  • [PLANET Technology | Industrial Mobile Communication Gateway - Missing Authentication] (CVE-2025-9971, CVSS: 9.8) PLANET Technology's Industrial Mobile Communication Gateway has a Missing Authentication vulnerability. An unauthenticated remote attacker can exploit a specific function to operate on the device.
  • [PLANET Technology | Industrial Mobile Communication Gateway - OS Command Injection] (CVE-2025-9972, CVSS: 9.8) An unauthenticated remote attacker can inject arbitrary operating system commands and execute them on the device.
• Affected Platforms:
  • ICG-2510WG-LTE (EU/US) version 1.0-20240918 (inclusive) and earlier versions
  • ICG-2510W-LTE (EU/US) version 1.0_20240411 (inclusive) and earlier versions
• Recommended Action:
  • Update ICG-2510WG-LTE (EU/US) to version 1.0-20240922 (inclusive) and later versions
  • Update ICG-2510W-LTE (EU/US) to version 1.0_20240922 (inclusive) and later versions

Computer and Communications Center
Network Systems Group