CVE-2024-8448

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*

History

04 Oct 2024, 15:07

Type Values Removed Values Added
CPE cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
References () https://www.twcert.org.tw/en/cp-139-8046-057c2-2.html - () https://www.twcert.org.tw/en/cp-139-8046-057c2-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8045-a2804-1.html - () https://www.twcert.org.tw/tw/cp-132-8045-a2804-1.html - Third Party Advisory
First Time Planet gs-4210-24pl4c Firmware
Planet gs-4210-24p2s
Planet gs-4210-24pl4c
Planet gs-4210-24p2s Firmware
Planet

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Ciertos modelos de conmutadores de PLANET Technology tienen una credencial codificada en la interfaz de línea de comandos específica, lo que permite a atacantes remotos con privilegios regulares iniciar sesión con esta credencial y obtener un shell raíz de Linux.

30 Sep 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 07:15

Updated : 2024-10-04 15:07


NVD link : CVE-2024-8448

Mitre link : CVE-2024-8448

CVE.ORG link : CVE-2024-8448


JSON object : View

Products Affected

planet

  • gs-4210-24pl4c_firmware
  • gs-4210-24p2s
  • gs-4210-24p2s_firmware
  • gs-4210-24pl4c
CWE
CWE-798

Use of Hard-coded Credentials