MEDIUM🇵🇱 Wersja polska

CVE-2024-8453

CVSS 4.9v3.1pub. 2024-09-30upd. 2024-10-04

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • Planet Gs 4210 24p2s

    HW
    Planet
    3.0
  • Planet Gs 4210 24p2s Firmware

    OS
    Planet
    < 3.305b240802
  • Planet Gs 4210 24pl4c

    HW
    Planet
    2.0
  • Planet Gs 4210 24pl4c Firmware

    OS
    Planet
    < 2.305b240719
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-8456CRITICAL9.8PL ✓ten sam produkt

Brak kontroli dostępu w firmware PLANET GS-4210 — przejęcie pełnej kontroli

CVE-2024-8450HIGH8.6ten sam produkt

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowin...

CVE-2024-8451HIGH7.5ten sam produkt

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authen...

CVE-2024-8452HIGH7.5ten sam produkt

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and ...

CVE-2024-8448HIGH8.8ten sam produkt

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interfa...