← volver
CVE-2024-8456

PLANET Technology switch devices - Missing Authentication for multiple HTTP routes

CVSS 9.8 CRITICALEPSS 0.6%CWE-306
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
PLANET Technology · GS-4210-24P2S hardware 3.0PLANET Technology · GS-4210-24PL4C hardware 2.0

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.twcert.org.tw/en/cp-139-8062-92f17-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8061-91872-1.html