MEDIUM🇬🇧 English

CVE-2024-8891

CVSS 5.3v3.1pub. 2024-09-18upd. 2024-09-26

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Circutor Q Smt

    HW
    Circutor
    wszystkie wersje
  • Circutor Q Smt Firmware

    OS
    Circutor
    1.0.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-8887CRITICAL10.0PL ✓ten sam produkt

Pominięcie uwierzytelnienia w Circutor Q-SMT umożliwia atak DoS

CVE-2024-8888CRITICAL10.0PL ✓ten sam produkt

Brak wygasania tokenów sesji w Circutor Q-SMT Firmware 1.0.4

CVE-2024-8890HIGH8.0ten sam produkt

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, coul...

CVE-2025-11778CRITICAL10.0PL ✓ten sam vendor

Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)

CVE-2025-11779CRITICAL9.4PL ✓ten sam vendor

Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan