Description
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
Related CPE's
Vulnerable
Vulnerable
Vulnerable
References
https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2024-09-30T08:15:04.570
1 week agoLast modified
2024-10-04T14:45:48.727
4 days ago