Date Posted: 2025/09/22
[Vulnerability Alert] [TLP CLEAR] PLANET Technology | Industrial Mobile Communication Gateway - 2 Vulnerabilities
- Subject: [Vulnerability Alert] [TLP CLEAR] PLANET Technology | Industrial Mobile Communication Gateway - 2 Vulnerabilities
- Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000013
- [PLANET Technology | Industrial Mobile Communication Gateway - Missing Authentication] (CVE-2025-9971, CVSS: 9.8) PLANET Technology's Industrial Mobile Communication Gateway has a Missing Authentication vulnerability. An unauthenticated remote attacker can exploit a specific function to operate on the device.
- [PLANET Technology | Industrial Mobile Communication Gateway - OS Command Injection] (CVE-2025-9972, CVSS: 9.8) An unauthenticated remote attacker can inject arbitrary operating system commands and execute them on the device.
- Affected Platforms:
- ICG-2510WG-LTE (EU/US) version 1.0-20240918 (inclusive) and earlier versions
- ICG-2510W-LTE (EU/US) version 1.0_20240411 (inclusive) and earlier versions
- Recommended Action:
- Update ICG-2510WG-LTE (EU/US) to version 1.0-20240922 (inclusive) and later versions
- Update ICG-2510W-LTE (EU/US) to version 1.0_20240922 (inclusive) and later versions
Computer and Communications Center
Network Systems Group
