CVE-2024-8450

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*

History

04 Oct 2024, 15:08

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8050-52f32-2.html - () https://www.twcert.org.tw/en/cp-139-8050-52f32-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8049-83fe4-1.html - () https://www.twcert.org.tw/tw/cp-132-8049-83fe4-1.html - Third Party Advisory
CVSS v2 : unknown
v3 : 8.6
v2 : unknown
v3 : 9.8
CPE cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
First Time Planet gs-4210-24pl4c
Planet
Planet gs-4210-24pl4c Firmware
Planet gs-4210-24p2s
Planet gs-4210-24p2s Firmware

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Ciertos modelos de conmutadores de PLANET Technology tienen una cadena de comunidad codificada en el servicio SNMPv1, lo que permite que atacantes remotos no autorizados utilicen esta cadena de comunidad para acceder al servicio SNMPv1 con privilegios de lectura y escritura.

30 Sep 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 07:15

Updated : 2024-10-04 15:08


NVD link : CVE-2024-8450

Mitre link : CVE-2024-8450

CVE.ORG link : CVE-2024-8450


JSON object : View

Products Affected

planet

  • gs-4210-24pl4c
  • gs-4210-24p2s_firmware
  • gs-4210-24pl4c_firmware
  • gs-4210-24p2s
CWE
CWE-798

Use of Hard-coded Credentials