The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
04 Oct 2024, 14:45
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CPE | cpe:2.3:o:planet:igs-5225-4up1t2s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:* cpe:2.3:h:planet:igs-5225-4up1t2s:1.0:*:*:*:*:*:*:* cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:* cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:* |
|
References | () https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html - Third Party Advisory | |
First Time |
Planet gs-4210-24pl4c Firmware
Planet igs-5225-4up1t2s Planet gs-4210-24p2s Planet gs-4210-24pl4c Planet igs-5225-4up1t2s Firmware Planet gs-4210-24p2s Firmware Planet |
|
CWE | CWE-326 |
30 Sep 2024, 12:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Sep 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-30 08:15
Updated : 2024-10-04 14:45
NVD link : CVE-2024-8455
Mitre link : CVE-2024-8455
CVE.ORG link : CVE-2024-8455
JSON object : View
Products Affected
planet
- igs-5225-4up1t2s_firmware
- gs-4210-24p2s
- igs-5225-4up1t2s
- gs-4210-24pl4c
- gs-4210-24p2s_firmware
- gs-4210-24pl4c_firmware