An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.
Session tokens generated by the Circutor Q-SMT device web application lack an expiration mechanism (no expiration date), which violates secure session management practices (CWE-613). An attacker with access to the network where the device is located can intercept the token using various methods — for example, through network traffic eavesdropping (network capture) or reading data stored locally by the browser. After obtaining the token, the attacker can repeatedly and indefinitely use it to authenticate to the web application without needing to know the password.
An attacker possessing a stolen token gains full, unlimited-time access to the device's web interface, which may lead to disclosure of sensitive configuration data, modification of device settings, and potential disruption of its operation.
Apply patches available from the manufacturer according to references. Additionally, it is recommended to segment OT/IT networks and restrict access to the device's web interface exclusively to trusted hosts through firewall rules.
Circutor Q-SMT with firmware version 1.0.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HCircutor Q Smt
HWCircutorwszystkie wersjeCircutor Q Smt Firmware
OSCircutor1.0.4
Related vulnerabilities
Pominięcie uwierzytelnienia w Circutor Q-SMT umożliwia atak DoS
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, coul...
An attacker with no knowledge of the current users in the web application, could build a dictionary of potenti...
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan