Planet: Security Vulnerabilities
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-20
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-20
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-20
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-20
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_post function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-20
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-09-30
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-09-30
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-09-30
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-09-30
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-09-30