← volver
CVE-2024-8453

PLANET Technology switch devices - Weak hash for users' passwords

CVSS 4.9 MEDIUMEPSS 0.3%CWE-328CWE-759
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Productos afectados
PLANET Technology · GS-4210-24P2S hardware 3.0PLANET Technology · GS-4210-24PL4C hardware 2.0

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.twcert.org.tw/en/cp-139-8056-09688-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8055-2c361-1.html