In a recent report from Claroty researcher Tomer Goldschmidt, three critical vulnerabilities were uncovered in the Planet WGS-804HPT industrial switches, widely used in building and home automation systems. These switches, essential for networking applications like IoT devices, IP surveillance cameras, and wireless LANs, were found vulnerable to remote code execution. The vulnerabilities—CVE-2024-52558, CVE-2024-52320, and CVE-2024-48871—underline the critical need for proactive firmware security measures.
Goldschmidt detailed the vulnerabilities discovered:
- CVE-2024-52558: An integer underflow flaw (CVSS score: 5.3) allowing unauthenticated attackers to send malformed HTTP requests, causing crashes.
- CVE-2024-52320: An OS command injection flaw (CVSS score: 9.8), enabling attackers to execute commands via malicious HTTP requests.
- CVE-2024-48871: A stack-based buffer overflow (CVSS score: 9.8), allowing attackers to execute remote code by sending crafted HTTP requests.
“We were able to develop an exploit that leverages these bugs and remotely runs code on the device,” Goldschmidt wrote.
Unable to physically access the switches, Team82 utilized the open-source QEMU framework to emulate the device’s system components. The emulation approach proved invaluable, enabling the team to analyze the firmware, uncover vulnerabilities, and test exploits in a controlled environment.
“QEMU and other emulators act as great testing environments where software and firmware can be analyzed for exploitable vulnerabilities,” the report highlighted.
The research focused on the Boa web server embedded in the device. The web server routes client requests through a CGI interface, dispatcher.cgi, which became a focal point for vulnerability analysis. A stack-based buffer overflow in dispatcher.cgi allowed attackers to manipulate memory and execute arbitrary commands.
“This is a relatively simple primitive that provides an attacker with the ability to redirect code execution,” explained Goldschmidt.
The exploit development revealed the absence of common security mitigations, such as the NX bit or stack canaries, simplifying the attack process. By crafting shellcode in MIPS 32-bit assembly, the researchers demonstrated the potential to gain complete control over the device.
Planet Technology has addressed these vulnerabilities by releasing firmware version 1.305b241111 and advising users to update immediately. Organizations using these switches should also:
- Isolate vulnerable devices from critical networks.
- Monitor device logs for suspicious activity.
- Conduct regular firmware updates to prevent exploitation of known vulnerabilities.
Related Posts:
- New ‘Planet Stealer’ Malware Emerges: Your Passwords and Crypto Wallets at Risk
- PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised
- Hackers Crack Nintendo Switch to run Ubuntu 18.04 LTS
- Hacker successfully exploit the Nintendo Switch
- Hackers showed Nintendo Switch host running Linux system in video
