CVE-2024-8887

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Sep 18, 2024
Updated: Sep 20, 2024
CWE ID 1284

Summary

CVE-2024-8887 identifies a critical vulnerability in the firmware version 1.0.4 of CIRCUTOR Q-SMT devices, which may be exploited through a denial of service (DoS) attack if an attacker gains unauthorized access to the web service and bypasses authentication on the login page. This flaw allows the attacker to utilize all web functionalities available on the device, posing significant risks including high impacts on confidentiality, integrity, and availability. Remediation measures should include applying firmware updates that address these vulnerabilities and enhancing security protocols to prevent unauthorized access. The vulnerability has been rated with a base score of 10.0 on the CVSS scale, indicating its critical severity and low complexity for exploitation without requiring user interaction or special privileges. Organizations using affected CIRCUTOR products should take immediate action to safeguard their systems against potential attacks exploiting this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share