
45 matches found

Cvelist
added 2026/05/09 8:27 a.m. | 38 views

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

CVSS 7.2 | EPSS 0.00048
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/13 12:0 a.m. | 6 views

Siemens SCALANCE X-200RNA Switch Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2014-8176)

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a deni...

CVSS 7.5 | AI score 7.2 | EPSS 0.21559
Exploits: 1 | References: 4

Tenable Nessus
added 2025/03/13 12:0 a.m. | 9 views

Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2015-5352)

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time...

CVSS 4.3 | AI score 6.4 | EPSS 0.0539
Exploits: 0 | References: 4

Tenable Nessus
added 2025/03/13 12:0 a.m. | 12 views

Siemens SCALANCE X-200RNA Switch Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2003-1562)

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

CVSS 7.6 | AI score 6.9 | EPSS 0.20579
Exploits: 10 | References: 4

Vulnrichment
added 2024/09/30 7:59 a.m. | 18 views

CVE-2024-8459 PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords

Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials...

CVSS 7.2 | AI score 7.1 | EPSS 0.00119
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/30 7:45 a.m. | 19 views

CVE-2024-8458 PLANET Technology switch devices - Cross-site Request Forgery

Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such...

CVSS 8.8 | AI score 7.3 | EPSS 0.01514
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/30 7:39 a.m. | 16 views

CVE-2024-8457 PLANET Technology switch devices - Stored cross-site scripting (XSS) in the User Management

Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack...

CVSS 4.8 | AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 2

Cvelist
added 2024/09/30 7:35 a.m. | 25 views

CVE-2024-8456 PLANET Technology switch devices - Missing Authentication for multiple HTTP routes

Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...

CVSS 9.8 | EPSS 0.01594
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/30 7:35 a.m. | 23 views

CVE-2024-8456 PLANET Technology switch devices - Missing Authentication for multiple HTTP routes

Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...

CVSS 9.8 | AI score 7.6 | EPSS 0.01594
Exploits: 0 | References: 2

Cvelist
added 2024/09/30 7:24 a.m. | 17 views

CVE-2024-8455 PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets ca...

CVSS 8.1 | EPSS 0.00211
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/30 7:24 a.m. | 17 views

CVE-2024-8455 PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets ca...

CVSS 8.1 | AI score 7.2 | EPSS 0.00211
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/30 7:18 a.m. | 16 views

CVE-2024-8454 PLANET Technology switch devices - Swctrl service DoS attack

The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service...

CVSS 5.3 | AI score 7.1 | EPSS 0.00816
Exploits: 0 | References: 2

Cvelist
added 2024/09/30 7:18 a.m. | 8 views

CVE-2024-8454 PLANET Technology switch devices - Swctrl service DoS attack

The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service...

CVSS 5.3 | EPSS 0.00816
Exploits: 0 | References: 2

Cvelist
added 2024/09/30 7:12 a.m. | 11 views

CVE-2024-8453 PLANET Technology switch devices - Weak hash for users' passwords

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords...

CVSS 4.9 | EPSS 0.00119
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/30 7:7 a.m. | 10 views

CVE-2024-8452 PLANET Technology switch devices - Insecure hash functions used for SNMPv3 credentials

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially...

CVSS 7.5 | AI score 7.1 | EPSS 0.00133
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/30 6:56 a.m. | 12 views

CVE-2024-8451 PLANET Technology switch devices - SSH server DoS attack

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service...

CVSS 7.5 | AI score 6.8 | EPSS 0.00863
Exploits: 0 | References: 2

Cvelist
added 2024/09/30 6:45 a.m. | 24 views

CVE-2024-8449 PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...

CVSS 6.8 | EPSS 0.0022
Exploits: 0 | References: 2

Cvelist
added 2024/09/30 6:36 a.m. | 18 views

CVE-2024-8448 PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...

CVSS 8.8 | EPSS 0.01285
Exploits: 0 | References: 2

CVE
added 2024/09/30 6:36 a.m. | 43 views

CVE-2024-8448

PLANET Technology switch models are affected by CVE-2024-8448 due to a hard-coded credential in the CLI, enabling remote attackers with regular privileges to log in and obtain a Linux root shell. The vulnerability affects certain PLANET switches (specific models not publicly detailed in the source...

CVSS 8.8 | AI score 8.7 | EPSS 0.01285
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/09/30 12:0 a.m. | 1 views

PLANET switch devices security vulnerability

PLANET switch devices are a series of switch devices from PLANET China. A security vulnerability exists in PLANET switch devices, which arises from the SSH service mishandling connection requests that are not adequately authenticated, allowing unauthorized remote attackers to exploit this weaknes...

CVSS 7.5 | AI score 6.7 | EPSS 0.00863
Exploits: 0 | References: 3