Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html | Third Party Advisory |
Configurations
History
04 Oct 2024, 14:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Planet gs-4210-24pl4c Firmware
Planet gs-4210-24p2s Planet gs-4210-24pl4c Planet gs-4210-24p2s Firmware Planet |
|
References | () https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html - Third Party Advisory | |
CPE | cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:* cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:* cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:* |
30 Sep 2024, 12:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Sep 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-30 08:15
Updated : 2024-10-04 14:45
NVD link : CVE-2024-8456
Mitre link : CVE-2024-8456
CVE.ORG link : CVE-2024-8456
JSON object : View
Products Affected
planet
- gs-4210-24pl4c
- gs-4210-24p2s_firmware
- gs-4210-24pl4c_firmware
- gs-4210-24p2s
CWE
CWE-306
Missing Authentication for Critical Function