← voltar
CVE-2024-8456

PLANET Technology switch devices - Missing Authentication for multiple HTTP routes

CVSS 9.8 CRITICALEPSS 0.6%CWE-306
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
PLANET Technology · GS-4210-24P2S hardware 3.0PLANET Technology · GS-4210-24PL4C hardware 2.0

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.twcert.org.tw/en/cp-139-8062-92f17-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8061-91872-1.html