Vulnerabilities > Circutor

DATE CVE VULNERABILITY TITLE RISK
2024-09-18 CVE-2024-8891 Unspecified vulnerability in Circutor Q-Smt Firmware 1.0.4
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.
network
low complexity
circutor
5.3
2024-09-18 CVE-2024-8890 Unspecified vulnerability in Circutor Q-Smt Firmware 1.0.4
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol.
low complexity
circutor
8.8
2024-09-18 CVE-2024-8892 Unspecified vulnerability in Circutor Tcp2Rs+ Firmware 1.3B
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use.
network
low complexity
circutor
critical
9.1
2024-09-18 CVE-2024-8888 Insufficient Session Expiration vulnerability in Circutor Q-Smt Firmware 1.0.4
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions.
network
low complexity
circutor CWE-613
7.5
2024-09-18 CVE-2024-8889 Unspecified vulnerability in Circutor Tcp2Rs+ Firmware 1.3B
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use.
network
low complexity
circutor
critical
9.1
2024-09-18 CVE-2024-8887 Improper Validation of Specified Quantity in Input vulnerability in Circutor Q-Smt Firmware 1.0.4
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.
network
low complexity
circutor CWE-1284
8.6
2022-05-24 CVE-2022-1669 Unspecified vulnerability in Circutor Compact Dc-S Basic Firmware 1.2.17
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal.
network
low complexity
circutor
8.1
2021-12-02 CVE-2021-26777 Classic Buffer Overflow vulnerability in Circutor Compact Dc-S Basic Firmware 1.2.17
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.
network
low complexity
circutor CWE-120
critical
9.8
2021-06-09 CVE-2021-33841 OS Command Injection vulnerability in Circutor Sge-Plc1000 Firmware 0.9.2B
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.
network
low complexity
circutor CWE-78
critical
9.8
2021-06-09 CVE-2021-33842 Reliance on Cookies without Validation and Integrity Checking vulnerability in Circutor Sge-Plc1000 Firmware 0.9.2B
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user.
low complexity
circutor CWE-565
8.8