Hard-coded Credential in CLI Threatens Linux Root Access
CVE-2024-8448

8.8HIGH

Key Information:

Vendor: Planet Technology
Status: Gs-4210-24pl4c Hardware 2.0; Gs-4210-24p2s Hardware 3.0
Vendor: CVE Published:; 30 September 2024

🔔 Create Planet Technology Vulnerability Alert

What is CVE-2024-8448?

A vulnerability exists in certain switch models from PLANET Technology where a hard-coded credential is present within the command-line interface. This security flaw enables remote attackers with standard privileges to access the system using the built-in credentials, potentially providing them with a Linux root shell. This could lead to unauthorized control over the affected devices and exploitation of sensitive network configurations.

Affected Version(s)

GS-4210-24P2S hardware 3.0 0 < 3.305b240802

GS-4210-24PL4C hardware 2.0 0 < 2.305b240719

References

https://www.twcert.org.tw/tw/cp-132-8045-a2804-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8046-057c2-2.html

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2024
Vulnerability Reserved
Sep 5, 2024