Approved changes feed: RSS · Atom

cpe:2.3:a:planet_technology:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorPlanet Technology (11e26f84-f5fe-571b-ab07-4da50e0ddc72)
ProductGs 4210 24Pl4C Hardware 2.0 (59fb3de1-9bfe-5e59-860a-a39d9269bcb3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-8459 vulnerable 2026-06-08 07:00:24.695812 PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords
HIGH (7.2)
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.
Published: 2024-09-30T07:59:27.614Z
Updated: 2024-09-30T16:13:57.982Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8458 vulnerable 2026-06-08 07:00:24.694958 PLANET Technology switch devices - Cross-site Request Forgery
HIGH (8.8)
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts.
Published: 2024-09-30T07:45:34.664Z
Updated: 2024-09-30T16:47:20.988Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8457 vulnerable 2026-06-08 07:00:24.694062 PLANET Technology switch devices - Stored cross-site scripting (XSS) in the User Management
MEDIUM (4.8)
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack.
Published: 2024-09-30T07:39:17.778Z
Updated: 2024-09-30T15:46:39.115Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8456 vulnerable 2026-06-08 07:00:24.693242 PLANET Technology switch devices - Missing Authentication for multiple HTTP routes
CRITICAL (9.8)
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
Published: 2024-09-30T07:35:04.179Z
Updated: 2024-09-30T16:51:08.872Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8455 vulnerable 2026-06-08 07:00:24.689248 PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords
HIGH (8.1)
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
Published: 2024-09-30T07:24:49.379Z
Updated: 2024-09-30T16:54:36.168Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8454 vulnerable 2026-06-08 07:00:24.686559 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8453 vulnerable 2026-06-08 07:00:24.680405 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8452 vulnerable 2026-06-08 07:00:24.679470 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8451 vulnerable 2026-06-08 07:00:24.678630 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8450 vulnerable 2026-06-08 07:00:24.677832 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8449 vulnerable 2026-06-08 07:00:24.676935 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8448 vulnerable 2026-06-08 07:00:24.670707 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.