Unrated severityNVD Advisory· Published Sep 30, 2024· Updated Sep 30, 2024

PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords

CVE-2024-8455

Description

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

Affected products

Planet Technology/Igs 5225 4up1t2s Hardware 1.0v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.twcert.org.tw/en/cp-139-8060-f3955-2.htmlmitrethird-party-advisory
www.twcert.org.tw/tw/cp-132-8059-bde5f-1.htmlmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000