Critical Planet Technology switch vulnerabilities pose total takeover risk

Total network device compromise is possible with attacks exploiting critical flaws impacting Planet Technology's network management systems and switches, reports Hackread. Both the pre-authentication command injection flaw and hard-coded Mongo database credential vulnerability in Planet Technology NMS, tracked as CVE-2025-46271 and CVE-2025-46274, respectively, could be leveraged to facilitate complete device control, while the other NMS issue, tracked as CVE-2025-46273, could be abused to allow modified configurations, findings from cybersecurity firm Immersive showed. On the other hand, Planet Technology's WGS-80HPT-V2 and WGS-4215-8T2S industrial switches are affected by the authentication command injection bug, tracked as CVE-2025-46272, and authentication bypass vulnerability, tracked as CVE-2025-46275, which could also be harnessed to compromise targeted systems while evading login security. Numerous online Planet Technology devices were noted by Censys and Shodan to be potentially vulnerable to intrusions involving the security issues, prompting Planet Technology to urge the immediate application of issued product fixes.