← back
CVE-2024-8453

PLANET Technology switch devices - Weak hash for users' passwords

CVSS 4.9 MEDIUMEPSS 0.3%CWE-328CWE-759
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
PLANET Technology · GS-4210-24P2S hardware 3.0PLANET Technology · GS-4210-24PL4C hardware 2.0

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-8056-09688-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8055-2c361-1.html