CRITICAL🇵🇱 Wersja polska

CVE-2024-8887

CVSS 10.0v3.1pub. 2024-09-18upd. 2024-10-01

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.

🤖 AI Analysis
How it works

An attacker with network access to the Circutor Q-SMT device's web interface can bypass login page security without providing valid authentication credentials. After successfully bypassing authentication (CWE-1284 — improper input validation), they gain access to all functions available through the web interface. The ability to freely use these functions enables, among other things, conducting a denial of service attack that could potentially disable the device.

Impact

An attacker can take full control of the device's web functions and cause its unavailability through a DoS attack, which in an industrial environment may result in disruption of continuous energy monitoring and management.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. It is also recommended to restrict access to the device's web interface exclusively to trusted hosts at the firewall and network level, until the official manufacturer patch is deployed.

Who is affected

Circutor Q-SMT with firmware version 1.0.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Circutor Q Smt

    HW
    Circutor
    wszystkie wersje
  • Circutor Q Smt Firmware

    OS
    Circutor
    1.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2024-8888CRITICAL10.0PL ✓ten sam produkt

Brak wygasania tokenów sesji w Circutor Q-SMT Firmware 1.0.4

CVE-2024-8890HIGH8.0ten sam produkt

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, coul...

CVE-2024-8891MEDIUM5.3ten sam produkt

An attacker with no knowledge of the current users in the web application, could build a dictionary of potenti...

CVE-2025-11778CRITICAL10.0PL ✓ten sam vendor

Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)

CVE-2025-11779CRITICAL9.4PL ✓ten sam vendor

Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan