CVE-2024-8887

CRITICAL

CIRCUTOR Q-SMT Firmware 1.0.4 - Denial of Service via Authentication Bypass

Title source: llm

Description

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products

Scores

CVSS v3 10.0

EPSS 0.0054

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-1284

Status published

Products (1)

circutor/q-smt_firmware 1.0.4

Published Sep 18, 2024

Tracked Since Feb 18, 2026