CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8459 – PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords
https://notcve.org/view.php?id=CVE-2024-8459
30 Sep 2024 — Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials. • https://www.twcert.org.tw/tw/cp-132-8067-2fc50-1.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8458 – PLANET Technology switch devices - Cross-site Request Forgery
https://notcve.org/view.php?id=CVE-2024-8458
30 Sep 2024 — Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts. • https://www.twcert.org.tw/tw/cp-132-8065-579c1-1.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8456 – PLANET Technology switch devices - Missing Authentication for multiple HTTP routes
https://notcve.org/view.php?id=CVE-2024-8456
30 Sep 2024 — Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. • https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8449 – PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials
https://notcve.org/view.php?id=CVE-2024-8449
30 Sep 2024 — Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password. • https://www.twcert.org.tw/en/cp-139-8048-f0e4d-2.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8448 – PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials
https://notcve.org/view.php?id=CVE-2024-8448
30 Sep 2024 — Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell. • https://www.twcert.org.tw/en/cp-139-8046-057c2-2.html • CWE-798: Use of Hard-coded Credentials •