CVE-2024-8888

Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT

CVSS 10 CRITICALEPSS 0.4%CWE-613

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 10EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

18 sep 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Productos afectados

CIRCUTOR · CIRCUTOR Q-SMT

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products