Summary: The Taiwan Computer Emergency Response Team (TWCERT/CC) has issued security advisories regarding critical vulnerabilities in various PLANET Technology switch models, which could lead to severe security risks such as remote code execution and unauthorized access. Users are urged to update their firmware to mitigate these vulnerabilities.
Threat Actor: Unknown | Unknown
Victim: PLANET Technology | PLANET Technology
Key Point :
- Critical vulnerabilities identified include hard-coded credentials, cleartext password storage, and missing authentication.
- Specific CVE identifiers have been assigned to each vulnerability, highlighting their severity and potential impact.
- Firmware updates have been released to address these vulnerabilities, and users are strongly advised to apply them promptly.
- Network administrators should monitor activity and enforce strong security policies to protect against exploitation.
- End-of-life devices should be replaced to maintain security and support.
The Taiwan Computer Emergency Response Team (TWCERT/CC) has released a series of security advisories highlighting critical vulnerabilities affecting various PLANET Technology switch models. These vulnerabilities range in severity, with potential impacts including remote code execution, unauthorized access, and denial of service.
Vulnerability Assessment
The identified vulnerabilities, assigned Common Vulnerabilities and Exposures (CVE) identifiers, span a spectrum of security weaknesses:
- Hard-Coded Credentials (CVE-2024-8448, CVE-2024-8449): Undocumented credentials embedded within the firmware, enabling unauthorized access and potential password recovery.
- Cleartext Password Storage (CVE-2024-8459): Unencrypted storage of sensitive credentials, facilitating unauthorized access.
- Cross-Site Request Forgery (CSRF) (CVE-2024-8458): Enables attackers to execute unauthorized actions on behalf of authenticated users.
- Cross-Site Scripting (XSS) (CVE-2024-8457): Injection of malicious scripts into web pages viewed by other users, potentially leading to data theft or session hijacking.
- Missing Authentication (CVE-2024-8456, CVSS 9.8): Absence of proper access controls, allowing unauthorized access to critical functionalities such as firmware upload and download.
- Weakly Encoded Passwords (CVE-2024-8455): Insecure password encoding, making them susceptible to cracking attempts.
- Insecure Hash Functions (CVE-2024-8452, CVE-2024-8453): Use of outdated hashing algorithms, compromising the security of stored credentials.
- Denial of Service (DoS) (CVE-2024-8454, CVE-2024-8451): Vulnerabilities that could be exploited to disrupt or render the devices unavailable.
Affected Products
The following PLANET Technology switch models are impacted:
- GS-4210-24PL4C (hardware 2.0)
- GS-4210-24P2S (hardware 3.0)
- IGS-5225-4UP1T2S (hardware 1.0) – End of Life
Mitigation
PLANET Technology has released firmware updates to address these vulnerabilities. Users are strongly advised to update their devices to the latest firmware versions:
- GS-4210-24PL4C (hardware 2.0): Version 2.305b240719 or later
- GS-4210-24P2S (hardware 3.0): Version 3.305b240802 or later
The IGS-5225-4UP1T2S has reached its End of Life and is no longer supported. Replacement is recommended.
Recommendations
Network administrators and users of PLANET Technology switches are advised to:
- Apply Updates Promptly: Implement the recommended firmware updates without delay.
- Monitor Network Activity: Employ robust network monitoring and intrusion detection systems to identify suspicious activity.
- Review Security Policies: Enforce strong password policies and access controls.
- Consider Replacement: Evaluate replacing end-of-life devices to ensure ongoing security and support.