Stratos Ally

WGS-804HPT Switches Reportedly Vulnerable to RCE!  


StratosAlly


Planet Technology’s WGS-804HPT industrial switches, which are widely used in building and home automation systems for various networking applications, have been reported to contain critical security flaws that could be used to achieve pre-authentication remote code execution on vulnerable devices. Once a malicious actor gains remote access to a vulnerable switch, that access could be chained to reach other internal infrastructure, making it a serious threat. The researchers believe that the flaw is rooted in the dispatcher.cgi interface, which is used to provide web services.

The following flaws have been identified in Planet Technology switches:

  • CVE-2024-48871 – A stack-based buffer overflow flaw with a CVSS score of 9.8 that can allow an unauthenticated attacker to send a malicious HTTP request, resulting in remote code execution.
  • CVE-2024-52320 – An operating system command injection flaw with a CVSS score of 9.8 that allows an unauthenticated attacker to send commands through a malicious HTTP request, resulting in remote code execution.
  • CVE-2024-52558 – A Medium severity integer underflow flaw with a score of 5.3 that can allow an unauthenticated attacker to send a malformed HTTP request, resulting in a crash.

Successful exploitation of the flaws could allow an attacker to hijack the execution flow by embedding shellcode in the HTTP request and gain the ability to execute operating system commands. Once control of the switch is achieved, the attacker can further expand their reach into the internal network.

Planet Technology recommends that users upgrade to version 1.305b241111 or later.

The following additional measures help minimize the risk of exploitation of these vulnerabilities:

  • Minimize network exposure for all control system devices and/or systems to ensure they are not accessible over the internet.  
  • Isolate control system networks and remote devices from business networks by placing them behind firewalls.  
  • Use more secure methods, such as VPNs (Virtual Private Networks), when remote access is required. Keep in mind that VPNs may have vulnerabilities of their own and should be updated to the latest available version, and that a VPN is only as secure as the devices connected to it.
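
To act on the upgrade recommendation and the exposure guidance above, the following added example (not from the original article or from Planet Technology) triages a switch inventory against the fixed release 1.305b241111. It assumes the version layout `<major>.<minor>b<build>`; the inventory records, hostnames, older version strings and the `mgmt_reachable_from` field are constructed for illustration.

```python
import re

# Fixed firmware release named in the article.
FIXED_VERSION = "1.305b241111"

# Assumed layout: <major>.<minor>b<build>, optionally prefixed with "v".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)b(\d+)$", re.IGNORECASE)

def parse_firmware(version):
    """Return (major, minor, build) or None if the string does not match."""
    m = _VERSION_RE.match(version.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def triage(device):
    """Classify one inventory record as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_firmware(device.get("firmware", ""))
    if parsed is None:
        return "unknown"  # never treat an unreadable version as safe
    return "patched" if parsed >= parse_firmware(FIXED_VERSION) else "vulnerable"

def audit(inventory):
    """Return (hostname, status, priority) rows, most urgent first."""
    rows = []
    for dev in inventory:
        status = triage(dev)
        if status == "patched":
            priority = 3
        elif dev.get("mgmt_reachable_from") in ("internet", "business"):
            priority = 1  # not confirmed patched and reachable beyond the control network
        else:
            priority = 2  # not confirmed patched, but isolated in the control network
        rows.append((dev["hostname"], status, priority))
    return sorted(rows, key=lambda r: (r[2], r[0]))

# Constructed sample inventory (hostnames, older versions and zones are invented).
SAMPLE_INVENTORY = [
    {"hostname": "sw-plant-01", "firmware": "1.305b241111", "mgmt_reachable_from": "control"},
    {"hostname": "sw-plant-02", "firmware": "1.305b231218", "mgmt_reachable_from": "business"},
    {"hostname": "sw-plant-03", "firmware": "v1.305b240719", "mgmt_reachable_from": "control"},
    {"hostname": "sw-plant-04", "firmware": "unknown", "mgmt_reachable_from": "internet"},
]

if __name__ == "__main__":
    for host, status, prio in audit(SAMPLE_INVENTORY):
        print(f"P{prio} {host}: {status}")
```

A plain string comparison of version strings would misorder releases with different field widths, which is why the fields are compared as integers; records with an unreadable version are surfaced for manual review instead of being counted as patched.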
