PLANET Technology Product Security Update Advisory (CVE-2024-8456)

Overview

An update has been released to address vulnerabilities in PLANET Technology Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-8456

  • GS-4210-24PL4C hardware version: 2.0
  • GS-4210-24P2S hardware version: 3.0

Resolved Vulnerabilities

Certain switch models from PLANET Technology lack proper access controls for firmware upload and download functionality, which could allow an unauthenticated remote attacker to download and upload firmware and system configuration, ultimately taking full control of the device (CVE-2024-8456).

Vulnerability Patches

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.

CVE-2024-8456

  • GS-4210-24PL4C hardware version: 2.305B240719 or later version
  • GS-4210-24P2S hardware version: 3.305b240802 or later version

References

[1] CVE-2024-8456 Detail. https://nvd.nist.gov/vuln/detail/CVE-2024-8456

[2] PLANET Technology switch devices – Missing Authentication for multiple HTTP routes. https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html