HIGH🇵🇱 Wersja polska

CVE-2024-8448

CVSS 8.8v3.1pub. 2024-09-30upd. 2024-10-04

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Planet Gs 4210 24p2s

    HW
    Planet
    3.0
  • Planet Gs 4210 24p2s Firmware

    OS
    Planet
    < 3.305b240802
  • Planet Gs 4210 24pl4c

    HW
    Planet
    2.0
  • Planet Gs 4210 24pl4c Firmware

    OS
    Planet
    < 2.305b240719
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-8456CRITICAL9.8PL ✓ten sam produkt

Brak kontroli dostępu w firmware PLANET GS-4210 — przejęcie pełnej kontroli

CVE-2024-8451HIGH7.5ten sam produkt

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authen...

CVE-2024-8452HIGH7.5ten sam produkt

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and ...

CVE-2024-8450HIGH8.6ten sam produkt

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowin...

CVE-2024-8455HIGH8.1ten sam produkt

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models,...