CVE-2024-8450 HIGH

CVE-2024-8450: PLANET Technology switch devices - Hard-coded SNMPv1 read-write community string

Vendor Planet Technology
Product GS-4210-24PL4C hardware 2.0
Weakness CWE-798 · Hardcoded credentials
Published September 30, 2024
Last update September 30, 2024

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.

Key dates

02Disclosure timeline

September 30, 2024 CVE published
September 30, 2024 Record updated