What is CVE-2024-8455?

CVE-2024-8455 is a high-severity vulnerability in Planet Technology Gs-4210-24p2s Hardware 3.0, classified under Weak Encoding for Password. CVSS score: 8.1/10. Published 2024-09-30.

How severe is CVE-2024-8455?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Planet Technology Gs-4210-24p2s Hardware 3.0

CVE-2024-8455

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength…

EPSS: 0.002 (43.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Planet Technology Gs-4210-24p2s Hardware 3.0 — versions 0
Planet Technology Gs-4210-24pl4c Hardware 2.0 — versions 0
Planet Technology Igs-5225-4up1t2s Hardware 1.0 — versions 0

Weakness classification (CWE)

CWE-261 — Weak Encoding for Password

References

www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html (third-party-advisory)
www.twcert.org.tw/en/cp-139-8060-f3955-2.html (third-party-advisory)

Frequently asked questions

What is CVE-2024-8455?: CVE-2024-8455 is a high-severity vulnerability in Planet Technology Gs-4210-24p2s Hardware 3.0, classified under Weak Encoding for Password. CVSS score: 8.1/10. Published 2024-09-30.
How severe is CVE-2024-8455?: High severity. CVSS v3 base score is 8.1 out of 10.