CyberSecurity news

@ciso2ciso.com //
Cybersecurity researchers have uncovered three critical security flaws in Planet Technology's WGS-804HPT industrial switches. These vulnerabilities, detailed in a report by Claroty, can be chained together to achieve pre-authentication remote code execution. The vulnerabilities stem from weaknesses in the dispatcher.cgi interface used for web services, and include an integer underflow flaw (CVE-2024-52558) and two high-severity flaws with a CVSS score of 9.8: an operating system command injection flaw (CVE-2024-52320) and a stack-based buffer overflow flaw (CVE-2024-48871).

These switches are widely deployed in building and home automation systems, making the vulnerabilities a significant concern. Successful exploitation could allow attackers to embed malicious shellcode into HTTP requests, enabling them to execute operating system commands and gain control over the network. Planet Technology has released patches addressing these issues with version 1.305b241111, made available on November 15, 2024. Users of these switches are urged to apply the patches immediately to protect against potential attacks.


References:
  • ciso2ciso.com: Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation – Source: thehackernews.com
  • The Hacker News: Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
  • ciso2ciso.com: Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution – Source: securityaffairs.com
  • Security Risk Advisors: Vulnerabilities in Planet WGS-804HPT Industrial Switch Expose Critical Risks
  • securityaffairs.com: Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution
  • sra.io: Vulnerabilities in Planet WGS-804HPT Industrial Switch Expose Critical Risks
Classification:
  • HashTags: #RCE #NetworkSecurity #IndustrialSwitches
  • Company: Planet Technology
  • Target: Automation Systems
  • Product: WGS-804HPT Switches
  • Feature: RCE
  • Type: Vulnerability
  • Severity: Major