Ethical Hacking News
A critical vulnerability has been discovered in Planet Technology's WGS-804HPT industrial switch, allowing for remote code execution via three separate vulnerabilities. This highlights the importance of prioritizing security in IoT and industrial control systems.
The WGS-804HPT industrial switch has a critical vulnerability that allows for remote code execution, thanks to three discovered flaws by Claroty researchers. The switch is widely used in building and home automation networks, making it vulnerable due to lack of security testing and patching. Three separate vulnerabilities were found: CVE-2024-48871 (9.8 CVSS score), CVE-2024-52320 (9.8 CVSS score), and CVE-2024-52558 (5.3 CVSS score). The vulnerabilities allow for unauthenticated attackers to execute remote code via malicious HTTP requests, posing a significant threat.
Planet Technology's WGS-804HPT industrial switch has been found to be vulnerable to remote code execution, thanks to three critical flaws discovered by Claroty researchers. This finding highlights the importance of prioritizing security in IoT and industrial control systems.
The WGS-804HPT switch is used extensively in building and home automation networks, providing connectivity for a wide range of IoT devices, IP surveillance cameras, and wireless LAN network applications. However, this widespread use also means that these switches are often not given the attention they deserve when it comes to security testing and vulnerability patching.
Claroty's research revealed three separate vulnerabilities in the WGS-804HPT switch, each with a different set of impacts. The first vulnerability, CVE-2024-48871 (CVSS score: 9.8), is a stack-based buffer overflow that allows unauthenticated attackers to execute remote code via malicious HTTP requests. This means that an attacker could potentially hijack the execution flow of the device and run OS commands via shellcode in HTTP requests.
The second vulnerability, CVE-2024-52320 (CVSS score: 9.8), is an OS command injection flaw that also allows unauthenticated attackers to execute remote code via malicious HTTP requests. This vulnerability is similar to the first one but has slightly different impact due to the use of system calls to inject commands.
The third vulnerability, CVE-2024-52558 (CVSS score: 5.3), is an integer underflow flaw that enables unauthenticated attackers to crash systems via malformed HTTP requests. While this vulnerability has a lower CVSS score than the first two, it still poses a significant threat due to its potential to cause system crashes and other denial-of-service attacks.
The researchers pointed out that QEMU enabled them to emulate critical components of the device, which aided in finding vulnerabilities, developing proof-of-concepts (PoCs), and assessing the device's potential impact. They also noted that they were able to develop an exploit that leverages these bugs and remotely runs code on the device.
Planet Technology has since released firmware version 1.305b241111 to address these issues. However, this highlights the importance of keeping up-to-date with patching firmware and ensuring that IoT devices are properly secured.
In recent years, we have seen a significant increase in the number of attacks on IoT devices and industrial control systems. These attacks often go undetected for long periods, allowing attackers to gain access to sensitive systems and cause irreparable damage. The WGS-804HPT switch vulnerability is another example of how critical it is to prioritize security testing and patching in these systems.
In conclusion, the vulnerabilities discovered in the WGS-804HPT industrial switch are a stark reminder of the importance of prioritizing security in IoT and industrial control systems. By keeping up-to-date with patching firmware and ensuring that devices are properly secured, we can prevent attacks like this from happening in the future.
A critical vulnerability has been discovered in Planet Technology's WGS-804HPT industrial switch, allowing for remote code execution via three separate vulnerabilities. This highlights the importance of prioritizing security in IoT and industrial control systems.
Related Information:
https://securityaffairs.com/173237/security/wgs-804hpt-flaws.html
https://thehackernews.com/2025/01/critical-flaws-in-wgs-804hpt-switches.html
https://nvd.nist.gov/vuln/detail/CVE-2024-48871
https://www.cvedetails.com/cve/CVE-2024-48871/
https://nvd.nist.gov/vuln/detail/CVE-2024-52320
https://www.cvedetails.com/cve/CVE-2024-52320/
https://nvd.nist.gov/vuln/detail/CVE-2024-52558
https://www.cvedetails.com/cve/CVE-2024-52558/
Published: Sun Jan 19 20:12:41 2025 by llama3.2 3B Q4_K_M
