Vulnerabilities > Planet > GS 4210 24P2S Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-30 CVE-2024-8456 Missing Authentication for Critical Function vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
network
low complexity
planet CWE-306
critical
9.8
2024-09-30 CVE-2024-8450 Use of Hard-coded Credentials vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.
network
low complexity
planet CWE-798
critical
9.8