CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52558 – Planet Technology Planet WGS-804HPT Integer Underflow
https://notcve.org/view.php?id=CVE-2024-52558
06 Dec 2024 — The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52320 – Planet Technology Planet WGS-804HPT Command Injection
https://notcve.org/view.php?id=CVE-2024-52320
06 Dec 2024 — The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48871 – Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-48871
06 Dec 2024 — The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8459 – PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords
https://notcve.org/view.php?id=CVE-2024-8459
30 Sep 2024 — Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials. • https://www.twcert.org.tw/tw/cp-132-8067-2fc50-1.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8458 – PLANET Technology switch devices - Cross-site Request Forgery
https://notcve.org/view.php?id=CVE-2024-8458
30 Sep 2024 — Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts. • https://www.twcert.org.tw/tw/cp-132-8065-579c1-1.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8456 – PLANET Technology switch devices - Missing Authentication for multiple HTTP routes
https://notcve.org/view.php?id=CVE-2024-8456
30 Sep 2024 — Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. • https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8449 – PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials
https://notcve.org/view.php?id=CVE-2024-8449
30 Sep 2024 — Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password. • https://www.twcert.org.tw/en/cp-139-8048-f0e4d-2.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8448 – PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials
https://notcve.org/view.php?id=CVE-2024-8448
30 Sep 2024 — Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell. • https://www.twcert.org.tw/en/cp-139-8046-057c2-2.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4477
https://notcve.org/view.php?id=CVE-2007-4477
22 Aug 2007 — The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header. La interfaz de administración del enrutador Planet VC-200M VDSL2 permite a atacantes remotos provocar una denegación de servicio (parada de la interfaz de administración) mediante una petición HTTP sin la cabecera Host. • http://secunia.com/advisories/26559 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3196
https://notcve.org/view.php?id=CVE-2005-3196
14 Oct 2005 — Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges. • http://marc.info/?l=bugtraq&m=112861552020302&w=2 •