These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-46275 is a critical Planet Technology vulnerability affecting specific network products where authentication is missing on the management path. According to the CISA CSAF advisory, an attacker can create an administrator account without knowing any existing credentials, which can lead to full device takeover on reachable systems. Planet has released patches for the affected products.
CVE-2025-46274 is a critical authentication flaw in Planet Technology network management products. According to the CISA CSAF advisory published on 2025-04-24, hard-coded credentials in UNI-NMS-Lite, NMS-500, and the NMS-1000 family can let an unauthenticated attacker read, manipulate, and create entries in the managed database. CISA revised the advisory on 2025-05-06 to fix typos, and the core risk remai [truncated]
CVE-2025-46273 is a critical authentication flaw affecting multiple Planet Technology products. CISA states that all affected products use hard-coded credentials, which could allow an unauthenticated attacker to gain administrative privileges to UNI-NMS managed devices. The advisory was published on 2025-04-24 and revised on 2025-05-06 for typo fixes; the underlying risk remains unchanged.
CVE-2025-46272 is a critical unauthenticated command injection issue in affected Planet Technology network devices. CISA’s advisory says a remote attacker could execute OS commands on the host system, and vendor patches are available for the affected models.
CVE-2025-46271 is a critical, network-reachable command-injection vulnerability affecting Planet Technology network management products. According to CISA’s CSAF advisory, an unauthenticated attacker could read or manipulate device data on affected systems. Vendor patches are available, and the advisory was initially published on 2025-04-24 and later revised on 2025-05-06 for typo fixes only.
Planet Technology Planet WGS-804HPT devices are vulnerable to an integer underflow condition that can be triggered by unauthenticated attackers via malformed HTTP requests, resulting in program crash and denial of service. The vulnerability affects firmware version 1.305b210531 and has been assigned a CVSS 3.1 score of 5.3 (Medium severity). CISA published advisory ICSA-24-340-02 on December 5, 2024, iden [truncated]
A critical command injection vulnerability in the Planet Technology Planet WGS-804HPT industrial switch allows unauthenticated remote attackers to execute arbitrary code via malicious HTTP requests. The vulnerability, published December 5, 2024, carries a CVSS 3.1 score of 9.8 (Critical) and affects firmware version 1.305b210531. Planet Technology has released patched firmware version 1.305b241111 to addr [truncated]
CVE-2024-48871 is a critical stack-based buffer overflow vulnerability in the Planet Technology Planet WGS-804HPT industrial switch, published by CISA on December 5, 2024. The vulnerability exists in the device's webserver, which fails to properly validate input size before copying data to the stack. An unauthenticated remote attacker can exploit this flaw by sending a malicious HTTP request, potentially [truncated]