Home   »   Supports  »   »   Security Advisories   »   

PLANET Technology Security Advisory – Vulnerability Notification for GS-4210-24PL4C & GS-4210-24P2S

PLANET Technology Security Advisory – Vulnerability Notification for GS-4210-24PL4C & GS-4210-24P2S

CVE

CVE-2024-8448 , CVE-2024-8449 , CVE-2024-8450 , CVE-2024-8451 , CVE-2024-8452 , CVE-2024-8453 , CVE-2024-8454 , CVE-2024-8455 , CVE-2024-8456 , CVE-2024-8457 , CVE-2024-8458 , CVE-2024-8459

Summer

PLANET Technology has released firmware updates to address multiple security vulnerabilities affecting the GS-4210-24PL4C and GS-4210-24P2S switches. These vulnerabilities, if unpatched, may lead to unauthorized access, denial-of-service, and exposure of sensitive information. We strongly recommend that all users update their devices to ensure optimal security and functionality.

What Are the Risks Associated with This Vulnerability?

Potential Risks of These Vulnerabilities

The identified vulnerabilities impact hardware version 2.0 and GS-4210-24P2S hardware version 3.0. Potential risks include:

•Unauthorized root access, configuration exposure, and denial-of-service, impacting device availability and data confidentiality.

Related CVE IDs: CVE-2024-8448, CVE-2024-8449, CVE-2024-8451, CVE-2024-8454, CVE-2024-8456.

•Weak cryptographic practices and clear text storage of SNMPv3 passwords within configuration files, which can allow attackers to retrieve sensitive credentials.

Related CVE IDs: CVE-2024-8450, CVE-2024-8452, CVE-2024-8453, CVE-2024-8455, CVE-2024-8459.

Given these risks, it is essential to apply the available firmware updates as soon as possible to safeguard your network and prevent exploitation.

Which Versions Are Affected and What Should You Do

After a comprehensive investigation, we have identified the impacted product versions and released updated firmware to mitigate this vulnerability. The affected products and available patches are listed in the table below:

Product Series

Affected Version

Patch Availability

GS-4210-24PL4C

hardware 2.0

Update to 2.305b240719 or later

GS-4210-24P2S

hardware 3.0

Update to 3.305b240802 or later

How to Get Assistance

If you have any questions or require assistance, please contact PLANET’s technical support team or reach out to your PLANET distributor. We are here to provide additional guidance and support.

Acknowledgment

We would like to express our appreciation to Agenzia per la Cybersicurezza Nazionale (ACN) for reporting this issue.

Revision History

2024-11-06: Initial version

Subscribe to PLANET e Newsletter

Receive the latest product information and company news!