HIGH🇬🇧 English

CVE-2024-8890

CVSS 8.0v3.1pub. 2024-09-18upd. 2024-10-01

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Circutor Q Smt

    HW
    Circutor
    wszystkie wersje
  • Circutor Q Smt Firmware

    OS
    Circutor
    1.0.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-8887CRITICAL10.0PL ✓ten sam produkt

Pominięcie uwierzytelnienia w Circutor Q-SMT umożliwia atak DoS

CVE-2024-8888CRITICAL10.0PL ✓ten sam produkt

Brak wygasania tokenów sesji w Circutor Q-SMT Firmware 1.0.4

CVE-2024-8891MEDIUM5.3ten sam produkt

An attacker with no knowledge of the current users in the web application, could build a dictionary of potenti...

CVE-2025-11778CRITICAL10.0PL ✓ten sam vendor

Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)

CVE-2025-11779CRITICAL9.4PL ✓ten sam vendor

Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan