CVE-2024-8449
6.8
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PLANET Technology | GS-4210-24PL4C hardware 2.0 | 0 < 2.305b240719 | affected |
| PLANET Technology | GS-4210-24P2S hardware 3.0 | 0 < 3.305b240802 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-8047-adf79-1.html
- https://www.twcert.org.tw/en/cp-139-8048-f0e4d-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.