Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices.
The Planet WGS-804HPT industrial switch is deployed in building and home automation networks to provide connectivity for Internet of Things (IoT) devices, IP surveillance cameras, and wireless LAN applications. The switch family is managed through a web service and an SNMP interface.
Claroty researchers disclosed three vulnerabilities in Planet WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on vulnerable devices.
“The vulnerabilities include separate buffer and integer overflow vulnerabilities and an OS command injection flaw; we were able to develop an exploit that leverages these bugs and remotely runs code on the device,” reads the advisory published by Claroty. “An attacker who is able to remotely control one of these devices can use them to further exploit devices in an internal network and do lateral movement.”
The firmware analysis performed by the experts revealed vulnerabilities in the dispatcher.cgi interface of WGS-804HPT switches’ web service. Below are the vulnerabilities discovered by Claroty.
- CVE-2024-48871 (CVSS score: 9.8) – Stack-based buffer overflow lets unauthenticated attackers execute remote code via malicious HTTP requests.
- CVE-2024-52320 (CVSS score: 9.8) – OS command injection flaw allows unauthenticated attackers to execute remote code via malicious HTTP requests.
- CVE-2024-52558 (CVSS score: 5.3) – Integer underflow flaw enables unauthenticated attackers to crash systems via malformed HTTP requests.
Successful exploitation lets an attacker hijack the execution flow by embedding shellcode in an HTTP request and then execute operating system commands on the device, all without authenticating to the web interface.
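The three bug classes named above (stack-based buffer overflow, OS command injection, integer underflow) are the classic mistakes of embedded CGI handlers that take request parameters straight into fixed buffers, shell command lines and unsigned length arithmetic. The following C is an added illustration and is not code from Planet Technology's firmware or from Claroty's research: it shows each pattern as it commonly appears in such a handler, beside a hardened version. The function names, the `PARAM_MAX` buffer size and the `ping` example command are assumptions chosen for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

#define PARAM_MAX 32   /* assumed size of a stack buffer holding one request parameter */

/* --- 1. Stack-based buffer overflow --------------------------------------- */

/* Vulnerable pattern: an attacker-controlled parameter is copied into a
   fixed-size stack buffer with no length check. A parameter of PARAM_MAX
   bytes or more writes past the buffer into the saved frame. */
int copy_name_vulnerable(const char *param) {
    char name[PARAM_MAX];
    strcpy(name, param);                 /* no bound: overflows for len >= PARAM_MAX */
    return (int)strlen(name);
}

/* Hardened: reject anything that does not fit (including its NUL), copy exactly. */
int copy_name_hardened(const char *param, char *out, size_t outlen) {
    size_t len = strlen(param);
    if (len >= outlen) return -1;
    memcpy(out, param, len + 1);
    return 0;
}

/* --- 2. OS command injection ---------------------------------------------- */

/* Vulnerable pattern: request data is interpolated into a shell command line.
   A host value of "192.0.2.1; reboot" makes /bin/sh run two commands. */
int ping_vulnerable(const char *host) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host);
    return system(cmd);                  /* the shell parses ';', '|', '$(...)' */
}

/* Allowlist check: only characters that can occur in a hostname or IPv4 address. */
int valid_host(const char *host) {
    size_t len = strlen(host);
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* Hardened: validate first, then pass the host as its own argv element to
   execvp(), so no shell ever tokenises it. Returns ping's exit status, or -1
   when the input is rejected or the process cannot be started. */
int ping_hardened(const char *host) {
    if (!valid_host(host)) return -1;
    char *argv[] = { "ping", "-c", "1", (char *)host, NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* --- 3. Integer underflow --------------------------------------------------- */

/* Vulnerable pattern: the body length is derived by subtracting the parsed
   header size from an attacker-supplied Content-Length. When Content-Length
   is smaller than the header, the unsigned subtraction wraps to a huge value
   and the read/memcpy that follows walks off the end of the buffer. */
size_t body_len_vulnerable(size_t content_length, size_t header_len) {
    return content_length - header_len; /* wraps when content_length < header_len */
}

/* Hardened: check the ordering before subtracting. */
int body_len_hardened(size_t content_length, size_t header_len, size_t *out) {
    if (content_length < header_len) return -1;
    *out = content_length - header_len;
    return 0;
}

int main(void) {
    char buf[PARAM_MAX];
    size_t n = 0;
    /* constructed inputs: an over-long parameter, an injected command, a short Content-Length */
    printf("over-long parameter rejected: %d\n",
           copy_name_hardened("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", buf, sizeof buf));
    printf("injected host rejected: %d\n", ping_hardened("192.0.2.1; reboot"));
    printf("underflowing length rejected: %d\n", body_len_hardened(4, 8, &n));
    printf("value the vulnerable path would use: %zu\n", body_len_vulnerable(4, 8));
    return 0;
}
```

The hardened versions share one principle: the boundary between attacker-controlled bytes and a trusted operation (a stack frame, a shell, a length used for copying) is checked explicitly before the operation runs, and the command case avoids the shell entirely rather than trying to escape metacharacters.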
Planet Technology has released firmware version 1.305b241111 to address these issues.
The researchers pointed out that QEMU enabled them to emulate critical components, aiding in finding vulnerabilities, developing PoCs, and assessing the device’s potential impact.
“We privately disclosed these vulnerabilities to Taiwan-based Planet Technology, which addressed the security issues and advised users to upgrade firmware in the device to version 1.305b241111,” concludes the report.