CVE-2024-8449

Sažetak

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.

Reference

https://www.twcert.org.tw/en/cp-139-8048-f0e4d-2.html
https://www.twcert.org.tw/tw/cp-132-8047-adf79-1.html

CVSS

Base:	6.8
Impact:	5.9
Exploitability:	0.9

Pristup

Vektor	Složenost	Autentikacija
PHYSICAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

04-10-2024 - 15:08

Objavljeno

30-09-2024 - 07:15