Vulnerabilities > CVE-2024-8887 - Improper Validation of Specified Quantity in Input vulnerability in Circutor Q-Smt Firmware 1.0.4

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

circutor

CWE-1284

NVD

Published: 2024-09-18

Updated: 2024-10-01

Summary

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.

Vulnerable Configurations

Part	Description	Count
OS	Circutor Circutor Q SMT Firmware 1.0.4	1
Hardware	Circutor Circutor Q SMT -	1

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products