CVE-2024-8889

Summary

CVE-2024-8889 is a critical vulnerability affecting the CIRCUTOR TCP2RS+ firmware version 1.3b, enabling unauthorized modification of configuration values without authentication via UDP packets on port 2000. This flaw poses significant risks, as it can lead to device deconfiguration and render the equipment unusable, particularly since the device is at the end of its life cycle. The vulnerability has an exploitability score of 3.9 and a base severity rating of 9.3, indicating a high potential for impact with low attack complexity and no required user interaction. Organizations are advised to remediate this issue by discontinuing use of affected products or implementing network controls to limit access to vulnerable devices. Proper input validation measures should also be considered in future deployments to mitigate similar vulnerabilities.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.