Lucene search
K

181 matches found

OSV
OSV
added 2024/09/18 2:15 p.m.2 views

CVE-2024-8891

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...

5.3CVSS5.8AI score0.00312EPSS
Exploits0References1
NVD
NVD
added 2024/09/18 2:15 p.m.18 views

CVE-2024-8891

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...

5.3CVSS0.00312EPSS
Exploits0References1
OSV
OSV
added 2024/09/18 1:15 p.m.3 views

CVE-2024-8890

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
NVD
NVD
added 2024/09/18 1:15 p.m.15 views

CVE-2024-8892

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...

9.1CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2024/09/18 1:10 p.m.46 views

CVE-2024-8891

CVE-2024-8891 applies to CIRCUTOR Q-SMT, firmware 1.0.4. The vulnerability allows an attacker with no knowledge of current users to enumerate potential users by observing server responses, revealing whether a user exists. This is a user enumeration/ private information exposure issue affecting th...

5.3CVSS5.3AI score0.00312EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/18 1:10 p.m.21 views

CVE-2024-8891 Exposure of Private Personal Information to an Unauthorized Actor vulnerability on CIRCUTOR Q-SMT

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...

5.3CVSS0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/18 1:10 p.m.13 views

CVE-2024-8891 Exposure of Private Personal Information to an Unauthorized Actor vulnerability on CIRCUTOR Q-SMT

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...

5.3CVSS6.9AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/18 1:3 p.m.32 views

CVE-2024-8890 Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...

8CVSS0.00391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/18 1:3 p.m.11 views

CVE-2024-8890 Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...

8CVSS6.9AI score0.00391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/18 12:54 p.m.8 views

CVE-2024-8892 Uncontrolled Resource Consumption vulnerability on CIRCUTOR TCP2RS+

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...

5.3CVSS7.2AI score0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/18 12:54 p.m.14 views

CVE-2024-8892 Uncontrolled Resource Consumption vulnerability on CIRCUTOR TCP2RS+

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...

5.3CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2024/09/18 12:54 p.m.52 views

CVE-2024-8892

CVE-2024-8892 affects CIRCUTOR TCP2RS+ firmware v1.3b. A vulnerability allows an unauthenticated attacker to modify any configuration value by sending packets to UDP port 2000, deconfiguring the device and making it unusable. The device is described as end-of-life. Mitigation from PT-2024-39304 s...

9.1CVSS5.8AI score0.00345EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/18 12:15 p.m.4 views

CVE-2024-8888

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...

7.5CVSS5.8AI score0.00421EPSS
Exploits0References1
NVD
NVD
added 2024/09/18 12:15 p.m.84 views

CVE-2024-8888

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...

10CVSS0.00421EPSS
Exploits0References1
NVD
NVD
added 2024/09/18 12:15 p.m.12 views

CVE-2024-8889

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...

9.3CVSS0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/18 12:0 p.m.11 views

CVE-2024-8889 Improper Input Validation vulnerability on CIRCUTOR TCP2RS+

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...

9.3CVSS7.2AI score0.00433EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/18 12:0 p.m.17 views

CVE-2024-8889 Improper Input Validation vulnerability on CIRCUTOR TCP2RS+

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...

9.3CVSS0.00433EPSS
Exploits0References1
CVE
CVE
added 2024/09/18 12:0 p.m.43 views

CVE-2024-8889

CVE-2024-8889 affects CIRCUTOR TCP2RS+ firmware v1.3b. The root cause is improper input validation that lets an attacker modify any configuration value via UDP port 2000 without authentication, even if user/password is enabled, deconfiguring the device and causing it to be unusable. The issue imp...

9.3CVSS9.3AI score0.00433EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/18 11:54 a.m.29 views

CVE-2024-8888 Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...

10CVSS0.00421EPSS
Exploits0References1
CVE
CVE
added 2024/09/18 11:54 a.m.164 views

CVE-2024-8888

CVE-2024-8888 affects CIRCUTOR Q-SMT, firmware v1.0.4. A token-based web authentication flaw allows token theft with no expiration, enabling unrestricted access to the web application from the network. Root cause: tokens lack expiration, enabling misuse via network captures or locally stored web ...

10CVSS8.7AI score0.00421EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder