Login Sign Up

CVE-2024-8454

5.3 MEDIUM
Denial of Service

📋 TL;DR

CVE-2024-8454 is a denial-of-service vulnerability in the swctrl service used by certain PLANET Technology switch models. Unauthenticated remote attackers can crash the service by sending specially crafted packets. Organizations using affected PLANET switch models are impacted.

💻 Affected Systems

Products:
  • PLANET Technology switches with swctrl service
Versions: Specific affected versions not detailed in references; check vendor advisory for exact models.
Operating Systems: Embedded firmware on PLANET switches
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration of affected devices when swctrl service is enabled.

📦 What is this software?

Gs 4210 24p2s Firmware by Planet

View all CVEs affecting Gs 4210 24p2s Firmware →

Gs 4210 24pl4c Firmware by Planet

View all CVEs affecting Gs 4210 24pl4c Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent service disruption causing network outages, requiring physical device restart or reconfiguration.

🟠

Likely Case

Temporary service interruption affecting device management capabilities until service restarts.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring to detect and block attack attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Crafting DoS packets requires minimal technical skill; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor firmware updates for specific models

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-8058-cc391-2.html

Restart Required: Yes

Instructions:

1. Identify affected PLANET switch models. 2. Check vendor website for firmware updates. 3. Download and apply latest firmware. 4. Restart device to activate patch.

🔧 Temporary Workarounds

Disable swctrl service

all

Turn off vulnerable service if not required for operations

Check device CLI/web interface for service management commands

Network segmentation

linux

Restrict access to swctrl service ports (default UDP 161, 162, 391)

iptables -A INPUT -p udp --dport 161 -j DROP
iptables -A INPUT -p udp --dport 162 -j DROP
iptables -A INPUT -p udp --dport 391 -j DROP

🧯 If You Can't Patch

  • Implement strict network ACLs to block external access to swctrl ports
  • Monitor network traffic for abnormal packet patterns targeting swctrl service

🔍 How to Verify

Check if Vulnerable:

Check device model and firmware version against vendor advisory; test service response to crafted packets.

Check Version:

Check device web interface or CLI for firmware version (varies by model)

Verify Fix Applied:

Verify firmware version is updated per vendor recommendations; test service stability under normal and attack simulation.

📡 Detection & Monitoring

Log Indicators:

  • swctrl service crash logs
  • unexpected service restarts
  • high volume of UDP packets to swctrl ports

Network Indicators:

  • Spike in UDP traffic to ports 161, 162, 391
  • Malformed packets targeting swctrl service

SIEM Query:

source_port=udp AND (dest_port=161 OR dest_port=162 OR dest_port=391) AND packet_size>threshold

📊 Metadata

CVE ID: CVE-2024-8454
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-400
Published: September 30, 2024
Last Updated: October 4, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8454, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)