Summary: Immersive security researchers discovered critical vulnerabilities in Planet Technology’s network management systems and industrial switches, enabling full control by attackers. The flaws affect various models, and researchers found both previously known and new vulnerabilities. Immediate patch application is urged to protect affected devices from potential exploitation.
Affected: Planet Technology network management systems and industrial switches
Keypoints :
- CVE-2025-46271: Pre-authentication command injection flaw allows complete control of network management systems.
- CVE-2025-46274: Hard-coded MongoDB credentials lead to full control of network management systems.
- CVE-2025-46273: Hard-coded communication credentials enable remote interception and configuration changes.
- CVE-2025-46272: Post-authentication command injection vulnerability grants root access to specific switches.
- CVE-2025-46275: Authentication bypass allows unauthorized configuration modifications and admin account creation.
- Hidden default usernames and passwords pose additional risks to network security, easily exploitable by attackers.
- Urgent need for users to apply Planet’s patches to mitigate risks associated with these vulnerabilities.
Source: https://hackread.com/planet-technology-industrial-switch-flaws-full-takeover/