CVE-2024-8456

Name of the Vulnerable Software and Affected Versions: PLANET Technology switches (affected versions not specified)

Description: The issue is related to inadequate access control in the firmware upload and download functionality of certain switch models from PLANET Technology. This allows unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. The problem is connected to weaknesses in the authentication procedure.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.