VYPR

Vendor CVEs

Planet

All CVEs

27 total · sorted by risk
  • CVE-2025-9972CriSep 17, 2025
    risk 0.64cvss 9.8epss 0.02

    Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device.

  • CVE-2025-9971CriSep 17, 2025
    risk 0.64cvss 9.8epss 0.01

    Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality.

  • CVE-2024-2740HigApr 11, 2024
    risk 0.50cvss 7.7epss 0.00

    Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface.

  • CVE-2024-2741HigApr 11, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts…

  • CVE-2024-2742MedApr 11, 2024
    risk 0.42cvss 6.4epss 0.01

    Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality.

  • CVE-2026-3697MedMar 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer…

  • CVE-2025-54402Oct 7, 2025
    risk 0.00cvss epss 0.01

    Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these…

  • CVE-2025-54401Oct 7, 2025
    risk 0.00cvss epss 0.01

    Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these…

  • CVE-2025-54400Oct 7, 2025
    risk 0.00cvss epss 0.01

    Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these…

  • CVE-2025-54399Oct 7, 2025
    risk 0.00cvss epss 0.01

    Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these…

  • CVE-2025-54404Oct 7, 2025
    risk 0.00cvss epss 0.04

    Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command…

  • CVE-2025-54403Oct 7, 2025
    risk 0.00cvss epss 0.04

    Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command…

  • CVE-2025-48826Oct 7, 2025
    risk 0.00cvss epss 0.04

    A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability.

  • CVE-2025-54406Oct 7, 2025
    risk 0.00cvss epss 0.04

    Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these…

  • CVE-2025-54405Oct 7, 2025
    risk 0.00cvss epss 0.04

    Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these…

  • CVE-2024-8455Sep 30, 2024
    risk 0.00cvss epss 0.00

    The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who…

  • CVE-2024-8454Sep 30, 2024
    risk 0.00cvss epss 0.01

    The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.

  • CVE-2023-33553Jun 7, 2023
    risk 0.00cvss epss 0.01

    An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.

  • CVE-2022-45896Dec 25, 2022
    risk 0.00cvss epss 0.01

    Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.

  • CVE-2022-45893Dec 25, 2022
    risk 0.00cvss epss 0.01

    Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access.

  • CVE-2022-45891Dec 25, 2022
    risk 0.00cvss epss 0.01

    Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList).

  • CVE-2022-45892Dec 25, 2022
    risk 0.00cvss epss 0.00

    In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username.

  • CVE-2022-45889Dec 25, 2022
    risk 0.00cvss epss 0.01

    Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).

  • CVE-2020-26097Nov 18, 2020
    risk 0.00cvss epss 0.02

    The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no…

  • CVE-2007-4477Aug 22, 2007
    risk 0.00cvss epss 0.02

    The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header.

  • CVE-2005-3196Oct 14, 2005
    risk 0.00cvss epss 0.00

    Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges.

  • CVE-2003-1507Dec 31, 2003
    risk 0.00cvss epss 0.02

    Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.