Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8056-09688-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8055-2c361-1.html | Third Party Advisory |
Configurations
History
04 Oct 2024, 15:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:* cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:* cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Planet gs-4210-24pl4c Firmware
Planet gs-4210-24p2s Planet gs-4210-24pl4c Planet gs-4210-24p2s Firmware Planet |
|
References | () https://www.twcert.org.tw/en/cp-139-8056-09688-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8055-2c361-1.html - Third Party Advisory |
30 Sep 2024, 12:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Sep 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-30 08:15
Updated : 2024-10-04 15:10
NVD link : CVE-2024-8453
Mitre link : CVE-2024-8453
CVE.ORG link : CVE-2024-8453
JSON object : View
Products Affected
planet
- gs-4210-24pl4c
- gs-4210-24p2s_firmware
- gs-4210-24pl4c_firmware
- gs-4210-24p2s