2 matches found
CVE-2024-8888
CVE-2024-8888 affects CIRCUTOR Q-SMT, firmware v1.0.4. A token-based web authentication flaw allows token theft with no expiration, enabling unrestricted access to the web application from the network. Root cause: tokens lack expiration, enabling misuse via network captures or locally stored web ...
CVE-2024-8887
CVE-2024-8887 – CIRCUTOR Q-SMT (firmware 1.0.4) is a network-facing authentication-bypass vulnerability. An attacker with access to the device’s web service can bypass login controls and exercise the full web-level functionality, potentially causing a denial of service. The available sources cons...