CVE-2024-8456

Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*

History

04 Oct 2024, 14:45

Type Values Removed Values Added
First Time Planet gs-4210-24pl4c Firmware
Planet gs-4210-24p2s
Planet gs-4210-24pl4c
Planet gs-4210-24p2s Firmware
Planet
References () https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html - () https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html - () https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html - Third Party Advisory
CPE cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Ciertos modelos de conmutadores de PLANET Technology carecen de un control de acceso adecuado en la funcionalidad de carga y descarga de firmware, lo que permite que atacantes remotos no autenticados descarguen y carguen firmware y configuraciones del sistema, obteniendo en última instancia el control total de los dispositivos.

30 Sep 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 08:15

Updated : 2024-10-04 14:45


NVD link : CVE-2024-8456

Mitre link : CVE-2024-8456

CVE.ORG link : CVE-2024-8456


JSON object : View

Products Affected

planet

  • gs-4210-24pl4c
  • gs-4210-24p2s_firmware
  • gs-4210-24pl4c_firmware
  • gs-4210-24p2s
CWE
CWE-306

Missing Authentication for Critical Function