Cybersecurity researchers have disclosed three security flaws in Planet Expertise’s WGS-804HPT industrial switches that could possibly be chained to attain pre-authentication distant code execution on vulnerable units.
“These switches are extensively utilized in constructing and residential automation techniques for a wide range of networking purposes,” Claroty’s Tomer Goldschmidt mentioned in a Thursday report. “An attacker who is ready to remotely management one in all these units can use them to additional exploit units in an inner community and do lateral motion.”
The operational know-how security agency, which carried out an intensive evaluation of the firmware utilized in these switches utilizing the QEMU framework, mentioned the vulnerabilities are rooted within the dispatcher.cgi interface used to offer an internet service. The checklist of flaws is under –
- CVE-2024-52558 (CVSS rating: 5.3) – An integer underflow flaw that may enable an unauthenticated attacker to ship a malformed HTTP request, leading to a crash
- CVE-2024-52320 (CVSS rating: 9.8) – An working system command injection flaw that may enable an unauthenticated attacker to ship instructions by a malicious HTTP request, leading to distant code execution
- CVE-2024-48871 (CVSS rating: 9.8) – A stack-based buffer overflow flaw that may enable an unauthenticated attacker to ship a malicious HTTP request, leading to distant code execution
Profitable exploitation of the failings might allow an attacker to hijack the execution circulate by embedding a shellcode within the HTTP request and acquire the flexibility to execute working system instructions.
Following accountable disclosure, the Taiwanese firm has rolled out patches for the shortcomings with model 1.305b241111 launched on November 15, 2024.
