The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request for which the web server fails to properly check the input size before copying data to the stack, potentially allowing remote code execution.
Fixes

Solution

Planet Technology recommends users upgrade to version 1.305b241111 or later: https://www.planet.com.tw/en/support/downloads


Workaround

No workaround given by the vendor.

History

Sat, 12 Jul 2025 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | epss {'score': 0.0038} | epss {'score': 0.00543} |


Fri, 06 Dec 2024 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Planet Technology Corp; Planet Technology Corp wgs-804hpt Firmware |
| CPEs | | cpe:2.3:o:planet_technology_corp:wgs-804hpt_firmware:1.305b210531:*:*:*:*:*:*:* |
| Vendors & Products | | Planet Technology Corp; Planet Technology Corp wgs-804hpt Firmware |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 06 Dec 2024 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request for which the web server fails to properly check the input size before copying data to the stack, potentially allowing remote code execution. |
| Title | | Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow |
| Weaknesses | | CWE-121 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-12-06T20:29:05.846Z

Reserved: 2024-12-02T15:48:12.763Z

Link: CVE-2024-48871

Vulnrichment

Updated: 2024-12-06T19:23:23.785Z

NVD

Status: Received

Published: 2024-12-06T18:15:25.267

Modified: 2024-12-06T18:15:25.267

Link: CVE-2024-48871

Redhat

No data.

OpenCVE Enrichment

No data.