CVE-2024-8459
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PLANET Technology | GS-4210-24PL4C hardware 2.0 | 0 < 2.305b240719 | affected |
| PLANET Technology | GS-4210-24P2S hardware 3.0 | 0 < 3.305b240802 | affected |
Weaknesses
- CWE-312: CWE-312 Cleartext Storage of Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-8067-2fc50-1.html
- https://www.twcert.org.tw/en/cp-139-8068-8aaa5-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.