Critical Vulnerabilities Discovered in Planet Technology Products: Immersive Security Investigation
In a recent investigation, cybersecurity firm Immersive has uncovered critical security vulnerabilities in the network management tools and industrial switches produced by Planet Technology, a Taiwanese manufacturer specializing in IP-based networking products. These vulnerabilities, which could allow attackers to gain complete control over affected devices, were detailed in a blog post shared with Hackread.com.
The investigation was initiated by Immersive’s research team, led by security expert Kev Breen, following a security advisory from the Cybersecurity and Infrastructure Security Agency (CISA) in December 2024 that flagged Planet Technology’s products as potentially vulnerable. The CISA advisory acted as a catalyst for Immersive’s comprehensive assessment of the company’s devices.
To conduct their research, Immersive’s team downloaded firmware from Planet Technology’s official website. They then utilized a compressed firmware format known as BIX, a variation of GZIP, to facilitate the extraction process. Their methodology further included techniques like UART logging, which involves capturing and analyzing data transmitted through the Universal Asynchronous Receiver/Transmitter interface, as well as employing tools like Binwalk to validate and comprehend the reported vulnerabilities.
During their investigation, the team revealed not only the vulnerabilities identified in the CISA advisory but also discovered additional, previously undisclosed critical flaws. By scrutinizing the internal software of Planet Technology’s network management systems—capable of remotely supervising multiple devices—and various industrial switches, specifically the models WGS-80HPT-V2 and WGS-4215-8T2S, Immersive compiled a summary of the identified vulnerabilities.
Among these vulnerabilities, CVE-2025-46271 stands out as a pre-authentication command injection flaw within the network management systems (NMS), allowing perpetrators to gain complete control. Another critical issue, CVE-2025-46274, involves hard-coded, remotely accessible MongoDB credentials inherent in the NMS, similarly enabling unauthorized full control over the devices. CVE-2025-46273 reveals hard-coded communication credentials between the NMS and managed devices, paving the way for remote interception and potentially dangerous configuration changes.
For the specific models of industrial switches, an alarming vulnerability designated CVE-2025-46272 allows post-authentication command injections, granting root access to attackers. Meanwhile, CVE-2025-46275 is a critical authentication bypass vulnerability that permits unauthorized configuration modifications and the creation of admin accounts. Taken together, these various flaws present significant risks, potentially leading to total system compromise for any devices affected.
Immersive’s analysis indicates that malicious actors could exploit these vulnerabilities to execute their own commands on the devices, even managing to bypass login security protocols on certain switches. Further compounding the risks, researchers identified hidden default usernames and passwords, such as “client:client” for MQTT and “planet:123456” for MongoDB. These easily accessible credentials could be exploited, allowing attackers to surveil the network effectively and alter device configurations.
Using online platforms like Shodan and Censys, Immersive’s team discovered a considerable number of internet-connected Planet Technology devices vulnerable to exploitation. Recognizing the urgency of the situation, Immersive promptly communicated their findings to CISA, which facilitated direct contact with Planet Technology. In response to the vulnerabilities reported, Planet Technology has now rolled out software updates (patches) aimed at rectifying these critical issues.
CISA has also stepped in to advise all users of Planet Technology products to implement protective measures immediately, emphasizing the importance of network security in the face of such vulnerabilities. It is crucial for organizations utilizing these devices to be aware of the potential risks and to apply the necessary patches without delay to safeguard their networks from potential attacks.
The investigation by Immersive has spotlighted the urgent need for heightened vigilance in network security, particularly as the threat landscape continues to evolve rapidly.