An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established.
oryginał ENCVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCircutor Q Smt
HWCircutorwszystkie wersjeCircutor Q Smt Firmware
OSCircutor1.0.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2024-8887CRITICAL10.0PL ✓ten sam produkt
Pominięcie uwierzytelnienia w Circutor Q-SMT umożliwia atak DoS
CVE-2024-8888CRITICAL10.0PL ✓ten sam produkt
Brak wygasania tokenów sesji w Circutor Q-SMT Firmware 1.0.4
CVE-2024-8891MEDIUM5.3ten sam produkt
An attacker with no knowledge of the current users in the web application, could build a dictionary of potenti...
CVE-2025-11778CRITICAL10.0PL ✓ten sam vendor
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)
CVE-2025-11779CRITICAL9.4PL ✓ten sam vendor
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan