The Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) has issued a security advisory warning of two critical vulnerabilities in Planet Technology’s Industrial Cellular Gateways, tracked as CVE-2025-9971 and CVE-2025-9972, each scoring 9.8 on the CVSS scale. These flaws expose affected devices to the risk of unauthenticated remote exploitation, including complete device takeover.
According to the advisory, “Unauthenticated remote attackers can manipulate the device via a specific functionality” (CVE-2025-9971) and “Unauthenticated remote attackers can inject arbitrary OS commands and execute them on the device” (CVE-2025-9972).
The vulnerabilities impact the following devices:
- ICG-2510WG-LTE (EU/US) version 1.0-20240918 and earlier
- ICG-2510W-LTE (EU/US) version 1.0_20240411 and earlier
These industrial-grade gateways are commonly deployed in critical infrastructure, smart city deployments, and industrial IoT environments, making the flaws particularly concerning.
The lack of authentication (CVE-2025-9971) means attackers could remotely manipulate device settings or disrupt operations without requiring valid credentials. Even more severe, the OS command injection flaw (CVE-2025-9972) allows attackers to execute arbitrary commands on the underlying operating system—potentially leading to:
- Full compromise of the device
- Disruption of network connectivity
- Use of the gateway as a pivot point for further attacks within industrial networks
TWCERT/CC and Planet Technology strongly recommend that users apply the latest patches immediately. The advisory states:
- Update ICG-2510WG-LTE (EU/US) to version 1.0_20250811 or later
- Update ICG-2510W-LTE (EU/US) to version 1.0_20250811 or later
- New ‘Planet Stealer’ Malware Emerges: Your Passwords and Crypto Wallets at Risk
- PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised
- CISA Warns of Critical Vulnerabilities in Planet Technology Products
- Cellular Security Compromised: 119 Vulnerabilities Discovered Across LTE and 5G
- CVE-2024-52320 and More: Planet Switches Expose Networks to Attack
Rate this post
