Vulnerabilities > CVE-2024-8888 - Insufficient Session Expiration vulnerability in Circutor Q-Smt Firmware 1.0.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

circutor

CWE-613

NVD

Published: 2024-09-18

Updated: 2024-10-01

Summary

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.

Vulnerable Configurations

Part	Description	Count
OS	Circutor Circutor Q SMT Firmware 1.0.4	1
Hardware	Circutor Circutor Q SMT -	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products