ADVISORIES | August 7, 2024

IOActive Security Advisory | PLANET Networking – Vulnerabilities Identified

By Daniel Martinez

Affected Product

  • IGS-4215-16T2S

Firmware Version

  • 1.305b210528

Background

IOActive had the chance to access the IGS-4215-16T2S device. IOActive identified three vulnerabilities which need attention.

Timeline

  • 2022-09-29: IOActive discovers the vulnerabilities
  • 2023-03-29: IOActive informs Planet Technology about the identified vulnerabilities
  • 2023-12-13: Planet released a new firmware version (1.305b231218) informing IOActive that the vulnerabilities are fixed
  • 2024-01-09: IOActive notifies the vulnerability to INCIBE, Spanish CERT
  • 2024-02-16: IOActive confirm that the vulnerabilities were fixed after retesting them in the new firmware version
  • 2024-03-21: INCIBE shared the CVEs assigned with IOActive
  • 2024-08-07: IOActive advisory published
  • NOTE : While publishing this disclosure, IOActive had retested version FW-IGS-4215-16T2S_v1.305b231218.bix with hash 6e4ea892dc0d203c83ff02a2cba13e83. This version had the fixes. PLANET Technology published a firmware FW-IGS-4215-16T2S_v1.305b240227.bix with the hash abe64b8a62ebf339fb404fd85c0081b. They had informed that the findings have been fixed in this version. IOActive has not reviewed this firmware.
Read The Full Advisory