Planet Gs-4210-24p2s Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Planet Gs-4210-24p2s Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-8456 — CVSS 9.8 (critical): Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing…
CVE-2024-8458 — CVSS 8.8 (high): Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An…
CVE-2024-8448 — CVSS 8.8 (high): Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers…
CVE-2024-8450 — CVSS 8.6 (high): Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote…
CVE-2024-8455 — CVSS 8.1 (high): The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens…
CVE-2024-8451 — CVSS 7.5 (high): Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests…
CVE-2024-8452 — CVSS 7.5 (high): Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the…
CVE-2024-8459 — CVSS 7.2 (high): Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote…
CVE-2024-8449 — CVSS 6.8 (medium): Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an…
CVE-2024-8454 — CVSS 5.3 (medium): The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service…
CVE-2024-8453 — CVSS 4.9 (medium): Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers…
CVE-2024-8457 — CVSS 4.8 (medium): Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote…