Description
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/tw/cp-132-8047-adf79-1.html
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/en/cp-139-8048-f0e4d-2.html
Scores
CVSS v3
6.8
EPSS
0.0026
EPSS Percentile
17.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (2)
planet/gs-4210-24p2s_firmware
< 3.305b240802
planet/gs-4210-24pl4c_firmware
< 2.305b240719
Published
Sep 30, 2024
Tracked Since
Feb 18, 2026