CVE-2024-8458

Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*

History

04 Oct 2024, 14:28

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8066-d6504-2.html - () https://www.twcert.org.tw/en/cp-139-8066-d6504-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8065-579c1-1.html - () https://www.twcert.org.tw/tw/cp-132-8065-579c1-1.html - Third Party Advisory
First Time Planet gs-4210-24pl4c Firmware
Planet gs-4210-24p2s
Planet gs-4210-24pl4c
Planet gs-4210-24p2s Firmware
Planet
CPE cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Algunos modelos de conmutadores de PLANET Technology tienen una aplicación web que es vulnerable a Cross-Site Request Forgery (CSRF). Un atacante remoto no autenticado puede engañar a un usuario para que visite un sitio web malicioso, lo que le permite hacerse pasar por el usuario y realizar acciones en su nombre, como crear cuentas.

30 Sep 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 08:15

Updated : 2024-10-04 14:42


NVD link : CVE-2024-8458

Mitre link : CVE-2024-8458

CVE.ORG link : CVE-2024-8458


JSON object : View

Products Affected

planet

  • gs-4210-24pl4c_firmware
  • gs-4210-24pl4c
  • gs-4210-24p2s
  • gs-4210-24p2s_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)