fkie_cve-2024-8456
Vulnerability from fkie_nvd
Published
2024-09-30 08:15
Modified
2024-10-04 14:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
References
twcert@cert.org.twhttps://www.twcert.org.tw/en/cp-139-8062-92f17-2.htmlThird Party Advisory
twcert@cert.org.twhttps://www.twcert.org.tw/tw/cp-132-8061-91872-1.htmlThird Party Advisory
Impacted products
Vendor Product Version
planet gs-4210-24p2s_firmware *
planet gs-4210-24p2s 3.0
planet gs-4210-24pl4c_firmware *
planet gs-4210-24pl4c 2.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89C0B4AA-848F-4AAC-8C51-8C10AEF0630A",
              "versionEndExcluding": "3.305b240802",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A30964B-E6B8-4B8A-BE2E-882C0F3D8298",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E17E272-4418-4CE7-8E59-44953D19D659",
              "versionEndExcluding": "2.305b240719",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8029517-8FAB-4130-81F3-98BB09F4814E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices."
    },
    {
      "lang": "es",
      "value": "Ciertos modelos de conmutadores de PLANET Technology carecen de un control de acceso adecuado en la funcionalidad de carga y descarga de firmware, lo que permite que atacantes remotos no autenticados descarguen y carguen firmware y configuraciones del sistema, obteniendo en \u00faltima instancia el control total de los dispositivos."
    }
  ],
  "id": "CVE-2024-8456",
  "lastModified": "2024-10-04T14:45:39.920",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "twcert@cert.org.tw",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-30T08:15:04.797",
  "references": [
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html"
    },
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html"
    }
  ],
  "sourceIdentifier": "twcert@cert.org.tw",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "twcert@cert.org.tw",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.