Products
CIRCUTOR Q-SMT
- 1.0.4
Source
cve-coordination@incibe.es
Tags
CVE-2024-8890 details
Published : Sept. 18, 2024, 1:15 p.m.
Last Modified : Sept. 18, 2024, 1:15 p.m.
Last Modified : Sept. 18, 2024, 1:15 p.m.
Description
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.0 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-201 | Insertion of Sensitive Information Into Sent Data | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.0
Exploitability Score
2.1
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products | cve-coordination@incibe.es |
This website uses the NVD API, but is not approved or certified by it.