PLANET Technology Security Advisory - Vulnerability Notification for GS-4210-24PL4C & GS-4210-24P2S
Summary
PLANET Technology has released firmware updates to address multiple security vulnerabilities affecting the GS-4210-24PL4C and GS-4210-24P2S switches. These vulnerabilities, if unpatched, may lead to unauthorized access, denial-of-service, and exposure of sensitive information. We strongly recommend that all users update their devices to ensure optimal security and functionality.
What Are the Risks Associated with This Vulnerability?

Potential Risks of These Vulnerabilities

The identified vulnerabilities impact GS-4210-24PL4C hardware version 2.0 and GS-4210-24P2S hardware version 3.0. Potential risks include:

• Unauthorized root access, configuration exposure, and denial-of-service, impacting device availability and data confidentiality. 

Related CVE IDs: CVE-2024-8448, CVE-2024-8449, CVE-2024-8451, CVE-2024-8454, CVE-2024-8456.

• Weak cryptographic practices and cleartext storage of SNMPv3 passwords within configuration files, which can allow attackers to retrieve sensitive credentials.

Related CVE IDs: CVE-2024-8450, CVE-2024-8452, CVE-2024-8453, CVE-2024-8455, CVE-2024-8459.

Given these risks, it is essential to apply the available firmware updates as soon as possible to safeguard your network and prevent exploitation.

Which Versions Are Affected and What Should You Do?
After a comprehensive investigation, we have identified the impacted product versions and released updated firmware to mitigate these vulnerabilities. The affected products and available patches are listed in the table below:

Product Series | Affected Version | Patch Availability
GS-4210-24PL4C | hardware 2.0 | Update to 2.305b240719 or later
GS-4210-24P2S | hardware 3.0 | Update to 3.305b240802 or later

How to Get Assistance
If you have any questions or require assistance, please contact PLANET's technical support team or reach out to your PLANET distributor. We are here to provide additional guidance and support.
Acknowledgment
We would like to express our appreciation to Agenzia per la Cybersicurezza Nazionale (ACN) for reporting this issue.
Revision History
2024-11-06: Initial version