CVE-2024-8456 PLANET Technology switch devices - Missing Authentication for multiple HTTP routes

🗓️ 30 Sep 2024 07:35:04Reported by twcertType

PLANET Technology switch devices - Missing Authentication for multiple HTTP route

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	Vulnerability of loading and downloading functions for microprogramming software of PLANET Technology devices, allowing attackers to bypass authentication processes and execute arbitrary code.	3 Oct 202400:00	–	bdu_fstec
Circl	CVE-2024-8456	30 Sep 202410:48	–	circl
CNNVD	PLANET switch devices 访问控制错误漏洞	30 Sep 202400:00	–	cnnvd
CVE	CVE-2024-8456	30 Sep 202407:35	–	cve
EUVD	EUVD-2024-49190	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8456	30 Sep 202408:15	–	nvd
OSV	CVE-2024-8456	30 Sep 202408:15	–	osv
Positive Technologies	PT-2024-6553 · Planet Technology · Planet Technology Switch	30 Sep 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-8456 PLANET Technology switch devices - Missing Authentication for multiple HTTP routes	30 Sep 202407:35	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "GS-4210-24PL4C hardware 2.0",
    "vendor": "PLANET Technology",
    "versions": [
      {
        "lessThan": "2.305b240719",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GS-4210-24P2S hardware 3.0",
    "vendor": "PLANET Technology",
    "versions": [
      {
        "lessThan": "3.305b240802",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
twcert	www.twcert.org.tw/tw/cp-132-8061-91872-1.html
twcert	www.twcert.org.tw/en/cp-139-8062-92f17-2.html

30 Sep 2024 07:35Current

CVSS 3.19.8

EPSS0.00579

CWE-306