J. Daniel Martinez

**Name of the Vulnerable Software and Affected Versions** Planet IGS-4215-16T2S version 1.305b210528 **Description** The issue is related to an information exposure vulnerability. It could allow a remote attacker to access some administrative resources due to the lack of proper management of the Switch web interface. There is a risk of remote exploitation. **Recommendations** Update the firmware to a version that addresses this issue. Restrict access to the web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Planet IGS-4215-16T2S version 1.305b210528 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that could allow a remote attacker to trick some authenticated users into performing actions in their session. This includes actions such as adding or updating accounts through the Switch web interface. **Recommendations** For Planet IGS-4215-16T2S version 1.305b210528, consider disabling access to the web interface until a patch is available to prevent exploitation of the CSRF vulnerability. Restrict access to the Switch web interface to minimize the risk of unauthorized account modifications.

**Name of the Vulnerable Software and Affected Versions** Planet IGS-4215-16T2S version 1.305b210528 **Description** The issue allows an authenticated attacker to execute arbitrary code on the remote host by exploiting IP address functionality. This is an operating system command injection vulnerability. **Recommendations** For Planet IGS-4215-16T2S version 1.305b210528, consider restricting access to IP address functionality until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.