Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices.

The Planet WGS-804HPT industrial switch is used in building and home automation networks to connect Internet of Things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and an SNMP management interface.

Claroty researchers disclosed three vulnerabilities in Planet WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on vulnerable devices.

“The vulnerabilities include separate buffer and integer overflow vulnerabilities and an OS command injection flaw; we were able to develop an exploit that leverages these bugs and remotely runs code on the device,” reads the advisory published by Claroty. “An attacker who is able to remotely control one of these devices can use them to further exploit devices in an internal network and do lateral movement.”

The firmware analysis performed by the experts revealed vulnerabilities in the dispatcher.cgi interface of WGS-804HPT switches’ web service. Below are the vulnerabilities discovered by Claroty.

  • CVE-2024-48871 (CVSS score: 9.8) – Stack-based buffer overflow lets unauthenticated attackers execute remote code via malicious HTTP requests.
  • CVE-2024-52320 (CVSS score: 9.8) – OS command injection flaw allows unauthenticated attackers to execute remote code via malicious HTTP requests.
  • CVE-2024-52558 (CVSS score: 5.3) – Integer underflow flaw enables unauthenticated attackers to crash systems via malformed HTTP requests.

Successful exploitation of the flaws could permit an attacker to hijack the execution flow by embedding shellcode in the HTTP request and gain the ability to execute operating system commands.

Planet Technology has released firmware version 1.305b241111 to address these issues.
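As an added example (not code from Claroty, Planet Technology or the original article), the following script triages a device inventory against the fixed firmware version named above. The inventory layout, host names, older version strings and the assumption that versions follow a `<major>.<minor>b<build>` pattern where a higher tuple is newer are all constructed for illustration.

```python
import re

# Fixed firmware version named in the article.
FIXED_VERSION = "1.305b241111"
AFFECTED_MODEL = "WGS-804HPT"

# Assumption: versions look like <major>.<minor>b<build>, and a higher
# tuple means a newer release. Verify against the vendor's release notes.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)b(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, build) or None if the string is not recognised."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(inventory):
    """Sort inventory rows into patched / vulnerable / manual-review buckets."""
    fixed = parse_version(FIXED_VERSION)
    result = {"patched": [], "vulnerable": [], "review": []}
    for row in inventory:
        if row["model"].strip().upper() != AFFECTED_MODEL:
            continue  # other models are out of scope for this advisory
        version = parse_version(row["firmware"])
        if version is None:
            result["review"].append(row["host"])  # never assume patched
        elif version >= fixed:
            result["patched"].append(row["host"])
        else:
            result["vulnerable"].append(row["host"])
    return result


# Constructed sample inventory (hosts and older version strings are made up).
SAMPLE_INVENTORY = [
    {"host": "sw-lobby-01", "model": "WGS-804HPT", "firmware": "1.305b241111"},
    {"host": "sw-plant-02", "model": "WGS-804HPT", "firmware": "1.305b240101"},
    {"host": "sw-roof-03", "model": "wgs-804hpt", "firmware": "v1.304b230515"},
    {"host": "sw-gate-04", "model": "WGS-804HPT", "firmware": "unknown"},
    {"host": "sw-core-05", "model": "OTHER-SWITCH", "firmware": "9.9b1"},
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

Devices that land in the review bucket report a version string the parser does not recognise and should be checked by hand rather than treated as patched.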

The researchers pointed out that QEMU enabled them to emulate critical components of the device, which helped them find the vulnerabilities, develop PoCs, and assess the potential impact.

“We privately disclosed these vulnerabilities to Taiwan-based Planet Technology, which addressed the security issues and advised users to upgrade firmware in the device to version 1.305b241111,” concludes the report.

Pierluigi Paganini

(SecurityAffairs – hacking, IOT)