TVN ID	TVN-202409014
CVE ID	CVE-2024-8458
CVSS	8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products	GS-4210-24PL4C hardware 2.0 GS-4210-24P2S hardware 3.0
Description	Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts.
Solution	Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later. Update firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.
Credit	Agenzia per la Cybersicurezza Nazionale (ACN)
Public Date	2024-09-30