Vulnerabilities > CVE-2024-8889 - Unspecified vulnerability in Circutor Tcp2Rs+ Firmware 1.3B

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

circutor

critical

NVD

Published: 2024-09-18

Updated: 2024-10-07

Summary

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.

Vulnerable Configurations

Part	Description	Count
Hardware	Circutor Circutor Tcp2Rs+ Firmware 1.3B Circutor Tcp2Rs+ -	2

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products