Vulnerabilities > Circutor > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-18 | CVE-2024-8890 | Unspecified vulnerability in Circutor Q-Smt Firmware 1.0.4 An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. low complexity circutor | 8.8 |
| 2024-09-18 | CVE-2024-8888 | Insufficient Session Expiration vulnerability in Circutor Q-Smt Firmware 1.0.4 An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. | 7.5 |
| 2024-09-18 | CVE-2024-8887 | Improper Validation of Specified Quantity in Input vulnerability in Circutor Q-Smt Firmware 1.0.4 CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device. | 8.6 |
| 2022-05-24 | CVE-2022-1669 | Unspecified vulnerability in Circutor Compact Dc-S Basic Firmware 1.2.17 A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. | 8.1 |
| 2021-06-09 | CVE-2021-33842 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Circutor Sge-Plc1000 Firmware 0.9.2B Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. | 8.8 |