181 matches found
CVE-2024-8891
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...
CVE-2024-8891
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...
CVE-2024-8890
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...
CVE-2024-8892
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...
CVE-2024-8891
CVE-2024-8891 applies to CIRCUTOR Q-SMT, firmware 1.0.4. The vulnerability allows an attacker with no knowledge of current users to enumerate potential users by observing server responses, revealing whether a user exists. This is a user enumeration/ private information exposure issue affecting th...
CVE-2024-8891 Exposure of Private Personal Information to an Unauthorized Actor vulnerability on CIRCUTOR Q-SMT
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...
CVE-2024-8891 Exposure of Private Personal Information to an Unauthorized Actor vulnerability on CIRCUTOR Q-SMT
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...
CVE-2024-8890 Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...
CVE-2024-8890 Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...
CVE-2024-8892 Uncontrolled Resource Consumption vulnerability on CIRCUTOR TCP2RS+
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...
CVE-2024-8892 Uncontrolled Resource Consumption vulnerability on CIRCUTOR TCP2RS+
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...
CVE-2024-8892
CVE-2024-8892 affects CIRCUTOR TCP2RS+ firmware v1.3b. A vulnerability allows an unauthenticated attacker to modify any configuration value by sending packets to UDP port 2000, deconfiguring the device and making it unusable. The device is described as end-of-life. Mitigation from PT-2024-39304 s...
CVE-2024-8888
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...
CVE-2024-8888
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...
CVE-2024-8889
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...
CVE-2024-8889 Improper Input Validation vulnerability on CIRCUTOR TCP2RS+
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...
CVE-2024-8889 Improper Input Validation vulnerability on CIRCUTOR TCP2RS+
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...
CVE-2024-8889
CVE-2024-8889 affects CIRCUTOR TCP2RS+ firmware v1.3b. The root cause is improper input validation that lets an attacker modify any configuration value via UDP port 2000 without authentication, even if user/password is enabled, deconfiguring the device and causing it to be unusable. The issue imp...
CVE-2024-8888 Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...
CVE-2024-8888
CVE-2024-8888 affects CIRCUTOR Q-SMT, firmware v1.0.4. A token-based web authentication flaw allows token theft with no expiration, enabling unrestricted access to the web application from the network. Root cause: tokens lack expiration, enabling misuse via network captures or locally stored web ...