NULL pointer dereference in Planet Gs-4210-24p2s
CVE-2024-8454
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.006 (43.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Planet Gs-4210-24p2s — versions 3.0
- Planet Gs-4210-24p2s_firmware
- Planet Gs-4210-24pl4c — versions 2.0
- Planet Gs-4210-24pl4c_firmware
- Planet Technology Gs-4210-24p2s Hardware 3.0 — versions 0
- Planet Technology Gs-4210-24pl4c Hardware 2.0 — versions 0
- Planet Technology Igs-5225-4up1t2s Hardware 1.0 — versions 0
Weakness classification (CWE)
References
- twcert@cert.org.tw (Third Party Advisory, third-party-advisory)
- twcert@cert.org.tw (Third Party Advisory, third-party-advisory)
Frequently asked questions
- What is CVE-2024-8454?
- CVE-2024-8454 is a medium-severity vulnerability in Planet Gs-4210-24p2s, classified under Uncontrolled Resource Consumption. CVSS score: 5.3/10. Published 2024-09-30.
- How severe is CVE-2024-8454?
- Medium severity. CVSS v3 base score is 5.3 out of 10.