Planet Gs-4210-24pl4c
12 CVEs affecting Planet Gs-4210-24pl4c. Latest disclosed: 2024-09-30. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-8456 | Critical | 9.8 | 2024-09-30 | Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attacker… |
CVE-2024-8458 | High | 8.8 | 2024-09-30 | Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker… |
CVE-2024-8448 | High | 8.8 | 2024-09-30 | Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privil… |
CVE-2024-8450 | High | 8.6 | 2024-09-30 | Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this commu… |
CVE-2024-8455 | High | 8.1 | 2024-09-30 | The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communicat… |
CVE-2024-8452 | High | 7.5 | 2024-09-30 | Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowi… |
CVE-2024-8451 | High | 7.5 | 2024-09-30 | Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorize… |
CVE-2024-8459 | High | 7.2 | 2024-09-30 | Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administ… |
CVE-2024-8449 | Medium | 6.8 | 2024-09-30 | Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to con… |
CVE-2024-8454 | Medium | 5.3 | 2024-09-30 | The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl… |
CVE-2024-8453 | Medium | 4.9 | 2024-09-30 | Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator… |
CVE-2024-8457 | Medium | 4.8 | 2024-09-30 | Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users wi… |