Critical Vulnerabilities Discovered in Planet Technology’s Network Management Products
Recently, researchers from the cybersecurity firm Immersive uncovered significant vulnerabilities within network management tools and industrial switches produced by Planet Technology, a Taiwanese manufacturer renowned for its IP-based networking solutions. This investigation highlights a pressing cybersecurity concern due to the potential for full control over affected devices, necessitating urgent patch implementations from Planet Technology.
The findings emerged following a security advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) in December 2024, which flagged Planet Technology’s products as susceptible to attacks. The Immersive research team, led by noted security researcher Kev Breen, embarked on a detailed analysis of the industrial control systems and network management products after this critical alert.
For their investigation, Immersive accessed firmware directly through Planet Technology’s official website. They employed advanced techniques for the extraction and examination of firmware, utilizing methods like BIX compression—an adaptation of GZIP—and tools such as Binwalk for disclosing the firmware’s intricate structures. During their ongoing scrutiny, the researchers not only corroborated the vulnerabilities cited by CISA but also discovered additional severe flaws that had not previously been disclosed.
The flaws uncovered by the research team were primarily related to the internal software governing Planet Technology’s network management systems, which are vital for the remote supervision of numerous devices. For the industrial switch models, specifically the WGS-80HPT-V2 and WGS-4215-8T2S, the vulnerabilities posed a significant risk.
Among the critical vulnerabilities identified is CVE-2025-46271, a pre-authentication command injection flaw in the network management systems that grants attackers the capacity for complete device control. Another severe vulnerability, CVE-2025-46274, involves hard-coded database credentials for MongoDB within the network management systems, which can also permit full system access. Furthermore, CVE-2025-46273 exposes hard-coded communication credentials between the network management system and the managed devices, permitting the potential for remote interception and unauthorized configuration changes.
For the specific industrial switch models, vulnerabilities include CVE-2025-46272, which allows post-authentication command injections leading to root access, and CVE-2025-46275, an authentication bypass that can facilitate unauthorized alterations of device configurations and the creation of new administrative accounts. The existence of these vulnerabilities underscores a critical risk that could result in the complete compromise of Planet Technology devices.
Immersive’s research analysis indicates that adversaries could exploit these vulnerabilities to execute arbitrary commands on the affected devices, even bypassing security on certain switches. One alarming revelation was the presence of hidden and default usernames and passwords within the network management system, such as “client:client” for MQTT and “planet:123456” for MongoDB. Such oversights render the network highly vulnerable, allowing potential attackers not only to monitor all network activities but also to alter device configurations.
To assess the scope of the issue, Immersive utilized online analytic tools like Shodan and Censys, where they identified numerous internet-connected devices manufactured by Planet Technology that could be endangered by these vulnerabilities. Following the discovery, Immersive promptly conveyed their findings to CISA, which facilitated contact with Planet Technology. In response, the company has instituted software updates to address these security flaws.
CISA has issued a directive advising all users of affected Planet Technology products to take immediate action to safeguard their networks by implementing the provided patches. The urgency of this situation cannot be overstated, as unaddressed vulnerabilities could lead to catastrophic security breaches, impacting not just individual users but potentially posing a broader risk to infrastructure relying on these technologies.
As the cybersecurity landscape evolves, the imperative for companies to remain vigilant against emerging threats becomes increasingly clear. The exposure of such critical vulnerabilities highlights the necessity for consistent updates and rigorous security assessments within the infrastructure of network management systems. The actions taken by Planet Technology in response to Immersive’s findings will be closely scrutinized by the industry as they work to restore trust among their clients and ensure the ongoing security of their devices.