CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-8455

High Severity
Planet
SVRS
56/100
CVSSv3
5.9/10
EPSS
0.00088/1

CVE-2024-8455 is a security vulnerability affecting PLANET Technology devices, specifically related to the swctrl service. This service, designed for remote management, uses weakly encoded authentication tokens derived from user passwords. Due to this insufficient encryption, attackers intercepting network traffic can easily crack these tokens to reveal plaintext passwords. The SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-8455 is 56, indicating a medium level of risk. Although not critical (SVRS > 80), this vulnerability could allow unauthorized remote access to affected devices. This poses a significant risk, especially for devices deployed in sensitive network environments. Immediate mitigation steps should be considered to protect against potential exploitation. Successful exploitation leads to complete compromise of the device and network.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:H
PR:N
UI:N
S:U
C:H
I:N
A:N
PUBLICATION DATE2024-09-30
LAST MODIFIED2024-10-04

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-8455 | PLANET Technology IGS-5225-4UP1T2S Hardware 1.0 swctrl Service weak encoding for password
vuldb.com2024-09-30
CVE-2024-8455 | PLANET Technology IGS-5225-4UP1T2S Hardware 1.0 swctrl Service weak encoding for password | A vulnerability was found in PLANET Technology GS-4210-24PL4C Hardware 2.0, GS-4210-24P2S Hardware 3.0 and IGS-5225-4UP1T2S Hardware 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component swctrl Service. The manipulation leads to weak encoding for password. This vulnerability is known
cve-2024-8455
domains
urls
cves

Social Media

CVE-2024-8455 Remote Password Cracking in PLANET Technology Swctrl Service The swctrl service is used to find and manage PLANET Technology devices remotely. For some switch models, the authentication tokens are j... https://t.co/c6FVjMdTuV
0
0
0

Affected Software

Configuration 3
TypeVendorProduct
OSPlanetigs-5225-4up1t2s_firmware

References

ReferenceLink
[email protected]https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html
[email protected]https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html

CWE Details

CWE IDCWE NameDescription
CWE-261Weak Encoding for PasswordObscuring a password with a trivial encoding does not protect the password.
CWE-326Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence