Vulnerabilities > CVE-2024-8453 - Use of a One-Way Hash without a Salt vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

planet

CWE-759

NVD

Published: 2024-09-30

Updated: 2024-10-04

Summary

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.

Vulnerable Configurations

Part	Description	Count
OS	Planet Planet GS 4210 24P2S Firmware * Planet GS 4210 24Pl4C Firmware *	2
Hardware	Planet Planet GS 4210 24P2S 3.0 Planet GS 4210 24Pl4C 2.0	2

Common Weakness Enumeration (CWE)

CWE-759 - Use of a One-Way Hash without a Salt

References

https://www.twcert.org.tw/tw/cp-132-8055-2c361-1.html
https://www.twcert.org.tw/en/cp-139-8056-09688-2.html