CVE-2024-48871
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems by sending a specially crafted HTTP request that triggers a stack-based buffer overflow. The webserver fails to validate input size before copying data, leading to potential system compromise. Organizations using the affected product versions are at risk.
💻 Affected Systems
- Planet Technology networking equipment with vulnerable firmware
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with remote code execution, allowing attacker to install malware, steal data, or pivot to other systems.
Likely Case
Remote code execution leading to service disruption, data theft, or ransomware deployment.
If Mitigated
Denial of service if exploit fails but crashes the service, requiring restart.
🎯 Exploit Status
The vulnerability requires sending a malicious HTTP request, which is straightforward for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.305b241111
Vendor Advisory: https://www.planet.com.tw/en/support/downloads?method=keyword&keyword=v1.305b241111
Restart Required: Yes
Instructions:
1. Download firmware version v1.305b241111 from Planet Technology support site. 2. Backup current configuration. 3. Upload and apply the new firmware through the web interface or CLI. 4. Reboot the device. 5. Verify the firmware version is updated.
🔧 Temporary Workarounds
Disable HTTP Service
allDisable the vulnerable HTTP service and use HTTPS or other management interfaces if available.
configure terminal
no ip http server
end
write memory
Network Segmentation
linuxRestrict network access to the management interface using firewall rules.
iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit HTTP traffic to trusted sources only.
- Deploy intrusion prevention systems (IPS) with signatures for buffer overflow attacks.
🔍 How to Verify
Check if Vulnerable:
Check the firmware version via web interface or CLI. If version is earlier than v1.305b241111, the system is vulnerable.Check Version:
show versionVerify Fix Applied:
Confirm firmware version is v1.305b241111 or later and test HTTP service functionality.📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests with large payloads
- Webserver crash logs
- Failed authentication attempts to management interface
Network Indicators:
- HTTP requests with abnormally large headers or parameters
- Traffic to management ports from unexpected sources
SIEM Query:
source="webserver.log" AND (http_request_size>10000 OR status=500)