CVE-2024-8453

EUVD-2024-49187
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
twcertCNA
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
planetgs-4210-24p2s_firmware
𝑥
< 3.305b240802
planetgs-4210-24pl4c_firmware
𝑥
< 2.305b240719
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.twcert.org.tw/en/cp-139-8056-09688-2.html
https://www.twcert.org.tw/tw/cp-132-8055-2c361-1.html