CVE-2024-8455

HIGH

PLANET Technology - Password Cracking

Title source: llm

Description

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

References (2)

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html

Scores

CVSS v3 8.1

EPSS 0.0021

EPSS Percentile 43.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-326 CWE-261

Status published

Products (3)

planet/gs-4210-24p2s_firmware < 3.305b240802

planet/gs-4210-24pl4c_firmware < 2.305b240719

planet/igs-5225-4up1t2s_firmware

Published Sep 30, 2024

Tracked Since Feb 18, 2026