Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now

Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control. Learn about the flaws, affected models and the urgent need to apply Planet’s patches.

Cybersecurity firm Immersive has identified critical security weaknesses affecting network management tools and industrial switches manufactured by Planet Technology, a Taiwanese IP-based networking products manufacturer. According to their blog post, shared with Hackread.com, these issues can allow attackers to control all network devices managed by these vulnerable.

Immersive’s team, led by security researcher Kev Breen, discovered multiple vulnerabilities in the company’s industrial control systems. The team initiated an investigation after the company’s products were flagged as vulnerable by CISA in a security advisory in December 2024.

Researchers obtained firmware from the Planet Technology website, and compressed firmware files using the BIX format (a variation of GZIP) for easy extraction. Techniques like UART logging (the process of capturing and recording data transmitted and received through the Universal Asynchronous Receiver/Transmitter (UART) interface) and tools like Binwalk were used to verify and understand the reported issues.

During their research, apart from the vulnerabilities mentioned in CISA’s report, the team uncovered additional previously undisclosed critical flaws. These issues were detected by examining the internal software of Planet Technology’s network management systems (used to remotely oversee numerous Planet devices) and industrial switches (specifically models WGS-80HPT-V2 and WGS-4215-8T2S). Here’s a breakdown of the identified issues:

CVE-2025-46271 is a pre-authentication command injection flaw in network management systems (NMS) allowing complete control. CVE-2025-46274 involves hard-coded, remotely accessible Mongo database credentials in the NMS, also leading to full control. CVE-2025-46273 reveals hard-coded communication credentials between the NMS and managed devices, enabling remote interception and configuration changes.

For specific industrial switches, CVE-2025-46272 is a post-authentication command injection vulnerability granting root access, and CVE-2025-46275 is an authentication bypass allowing unauthorized configuration modifications and admin account creation. All these flaws pose a significant risk of complete system compromise for affected Planet Technology devices.

As per Immersive’s analysis, hackers could use these weaknesses to run their own commands on the devices and even bypass the login security on some switches. They also discovered that the network management system had hidden, default usernames and passwords (like “client:client” for MQTT and “planet:123456” for MongoDB) that anyone could use. This could allow attackers to see everything happening on the network and even change how the devices are set up.

Using online tools like Shodan and Censys, researchers found many internet-connected Planet Technology devices that could be at risk. Immersive shared their findings with CISA, who helped contact Planet Technology. The company has now released software updates (patches) to fix these problems. CISA is advising all users of these Planet Technology products to take steps to protect their networks as soon as possible.