CVE-2024-8449

Name of the Vulnerable Software and Affected Versions: PLANET Technology switches (affected versions not specified)

Description: The issue concerns a hard-coded credential in the password recovering functionality of certain switch models from PLANET Technology. This allows an unauthenticated attacker to connect to the device via the serial console and use the credential to reset any user's password.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.