Summary: Cybersecurity researchers have identified three critical vulnerabilities in Planet Technology’s WGS-804HPT industrial switches, which could be exploited for pre-authentication remote code execution. These switches are commonly used in building and home automation systems, making them attractive targets for attackers. The vulnerabilities stem from the dispatcher.cgi interface and have been addressed by the vendor with patches.

Threat Actor: Unspecified | Unspecified
Victim: Planet Technology | Planet Technology

Keypoints :

• Three vulnerabilities identified: CVE-2024-52558, CVE-2024-52320, and CVE-2024-48871.
• CVE-2024-52320 and CVE-2024-48871 both allow for remote code execution with a CVSS score of 9.8.
• Patches were released by Planet Technology on November 15, 2024, to address these vulnerabilities.