CVE-2024-8887

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:circutor:q-smt_firmware:1.0.4:*:*:*:*:*:*:*

cpe:2.3:h:circutor:q-smt:-:*:*:*:*:*:*:*

History

01 Oct 2024, 17:30

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~10.0~~	v2 : unknown v3 : 8.6
CPE		cpe:2.3:h:circutor:q-smt:-:::::::* cpe:2.3:o:circutor:q-smt_firmware:1.0.4:::::::*
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products - Third Party Advisory
First Time		Circutor q-smt Circutor Circutor q-smt Firmware

20 Sep 2024, 12:30

Type	Values Removed	Values Added
Summary		(es) CIRCUTOR Q-SMT en su versión de firmware 1.0.4, podría verse afectado por un ataque de denegación de servicio (DoS) si un atacante con acceso al servicio web evita los mecanismos de autenticación en la página de login, permitiendo al atacante utilizar todas las funcionalidades implementadas a nivel web que permiten interactuar con el dispositivo.

18 Sep 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-18 11:15

Updated : 2024-10-01 17:30

NVD link : CVE-2024-8887

Mitre link : CVE-2024-8887

CVE.ORG link : CVE-2024-8887

JSON object : View

Products Affected

circutor

q-smt_firmware
q-smt

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2024-8887", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2024-09-18T11:15:10.530", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1284"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device."}, {"lang": "es", "value": "CIRCUTOR Q-SMT en su versi\u00f3n de firmware 1.0.4, podr\u00eda verse afectado por un ataque de denegaci\u00f3n de servicio (DoS) si un atacante con acceso al servicio web evita los mecanismos de autenticaci\u00f3n en la p\u00e1gina de login, permitiendo al atacante utilizar todas las funcionalidades implementadas a nivel web que permiten interactuar con el dispositivo."}], "lastModified": "2024-10-01T17:30:07.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:circutor:q-smt_firmware:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "292A461E-4540-40B6-9366-E78BA7EB5EB9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:circutor:q-smt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9DA81978-4905-41F2-869B-430A9AEC2EEC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}