CVE-2024-8887

Authentication bypass vulnerability on CIRCUTOR Q-SMT

CVSS 10 CRITICALEPSS 0.6%CWE-1284

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 10EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

18 Sep 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

CIRCUTOR · CIRCUTOR Q-SMT

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products